New mobile malware is straight out of a Hollywood spy movie

Here at Komando.com, our goal is to keep you safe in this constantly evolving world of digital threats and dangers. Just last year, we warned you about the most sophisticated Android attack ever, called Chrysaor (aka Pegasus for Android), a type of spyware that can completely take over your smartphone.

But as technology gets updated constantly, guess what gets regular upgrades, too? Yep, malware tools. Malware makers and black hat hackers are skilled programmers themselves and they constantly tweak and improve the tools of their trade to keep up with the times.

As such, you'll be blown away by this newly discovered malware. It's got all the wizardry and gizmos that even the most sinister James Bond supervillain would love. It's called "Skygofree," the latest in industrial-grade mobile espionage.

"No, Mr. Bond, I expect you to spy"

According to a new report from cybersecurity company Kaspersky Lab, "Skygofree" is "one of the most powerful spyware tools" they have ever seen on Android and its multiple capabilities are "reminiscent of Hollywood spy movies."

Kaspersky spotted Skygofree late last year but evidence shows that it has been active since 2014. But in three years, it has evolved from a simple form of malware to an advanced spying Swiss Army Knife of sorts.

Its advanced functions include:

  • keylogging
  • photo taking
  • video capture
  • audio recording
  • call record access
  • location tracking
  • access to personal data like text messages, calendar events, social media activity and contacts

Skygofree's audio recording prowess is so advanced that it can automatically turn on a phone's mic and record sounds when the infected gadget enters a specific location. It can also turn on the front-facing camera and take selfie shots without the victim's knowledge. Just imagine what the cybercriminals can do with all the stolen shots!

A first is Skygofree's ability to spy on encrypted messages (like the ones sent through WhatsApp or Facebook Messenger) by exploiting Android's Accessibility Service. This service is meant for assisting people with disabilities but Skygofree abuses the system function that reads what is on a phone's screen.

But wait, there's more! Another new feature is its ability to automatically connect infected gadgets to Wi-Fi networks controlled by its masters. With this function, the bad guys can view web histories, redirect traffic and carry out any man-in-the-middle attacks they wish.

With this comprehensive grab bag of malicious tools, this new malware is certainly a spying dream!

Where did Skygofree come from?

Kaspersky researchers warn that Skygofree is spread via fake web landing pages that mimic the websites of mobile carriers. The domains they use have been active since 2015 and their campaigns are still in effect.

Further analysis revealed that the malware has traces of the domain name h3g.com, registered to an Italian IT company called Negg International.

Thankfully, Kaspersky has only detected a few infections for now and they all seem to originate from Italy as well, the malware's suspected country of origin.

Protect yourself from Android malware

Android security risks are growing each day, so it's vital that Android owners take proactive measures to protect themselves:

  • Avoid third-party app stores - If you are going to download apps, get them from official app stores like Google Play. These official app stores have security measures in place that stop malicious apps from being available. With a few exceptions, in almost every case, a malicious app will come from a third-party source.
  • Enable Google Play Protect - Make sure you enable Android's real-time security program, Google Play Protect. It certainly will be a huge help in containing malicious apps before they can cause damage.
  • Never open risky attachments in emails - Don't open attachments from unsolicited emails. These attachments from fake emails are typically vectors for infections.
  • Be cautious with links - If you get an email or notification from a site that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser than to click on a link. Always double-check the URL of sites you visit too and look out for typos.
  • Update your gadget - Make sure that you have downloaded the latest security and operating system updates. These updates usually include patches to help protect your device from the most recent threats.
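
The Accessibility Service abuse described earlier and the advice about third-party sources can be checked together on a device with USB debugging enabled. The following is an added example, not part of the original article or Kaspersky's report: it lists the accessibility services currently enabled and flags any whose app was not installed by Google Play. The package names in the sample data are hypothetical and the sample output is constructed.

```python
import subprocess

PLAY_STORE = "com.android.vending"  # Google Play's installer package name

def parse_enabled_services(raw):
    """Components from `settings get secure enabled_accessibility_services`."""
    raw = raw.strip()
    return [] if raw in ("", "null") else [c for c in raw.split(":") if c]

def parse_installers(raw):
    """Map package -> installer from `pm list packages -i` output."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        pkg = fields[0][len("package:"):]
        inst = [f.split("=", 1)[1] for f in fields[1:] if f.startswith("installer=")]
        installers[pkg] = inst[0] if inst else "null"
    return installers

def audit(services_raw, installers_raw, trusted=(PLAY_STORE,)):
    """Return (component, installer) for services not installed by a trusted store."""
    installers = parse_installers(installers_raw)
    findings = []
    for component in parse_enabled_services(services_raw):
        pkg = component.split("/", 1)[0]  # component is "package/ServiceClass"
        installer = installers.get(pkg, "unknown")
        if installer not in trusted:
            findings.append((component, installer))
    return findings

def adb_shell(*args):
    """Run one command on the USB-connected device and return its output."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample output (hypothetical package names, not from the report).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.carrierupdate/.ScreenReaderService\n")
SAMPLE_INSTALLERS = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
                     "package:com.example.carrierupdate  installer=null\n"
                     "package:com.whatsapp  installer=com.android.vending\n")

if __name__ == "__main__":
    live = audit(adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
                 adb_shell("pm", "list", "packages", "-i"))
    for component, installer in live:
        print(f"review: {component} (installer={installer})")
```

Apps preinstalled by the phone maker also report `installer=null`, so treat each finding as something to review in Settings > Accessibility rather than as proof of infection.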
