Slashdot Mirror


Researchers Uncover Android Malware With Never-Before-Seen Spying Capabilities (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: According to a report published Tuesday by antivirus provider Kaspersky Lab, "Skygofree" is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares. With 48 different commands in its latest version, the malware has undergone continuous development since its creation in late 2014. It relies on five separate exploits to gain privileged root access that allows it to bypass key Android security measures. Skygofree is capable of taking pictures, capturing video, and seizing call records, text messages, geolocation data, calendar events, and business-related information stored in device memory. Skygofree also includes the ability to automatically record conversations and noise when an infected device enters a location specified by the person operating the malware. Another never-before-seen feature is the ability to steal WhatsApp messages by abusing the Android Accessibility Service that's designed to help users who have disabilities or who may temporarily be unable to fully interact with a device. A third new feature: the ability to connect infected devices to Wi-Fi networks controlled by attackers. Skygofree also includes other advanced features, including a reverse shell that gives malware operators better remote control of infected devices. The malware also comes with a variety of Windows components that provide among other things a reverse shell, a keylogger, and a mechanism for recording Skype conversations.

9 of 102 comments

  1. Re:Kaspersky Lab by Anonymous Coward · · Score: 2, Interesting

    No that'd be NSA/Googlesoft :)

  2. Three questions... by Blinkin1200 · · Score: 4, Interesting

    1 - How can I tell if I'm infected?
    2 - Where can I get it?
    3 - How much does it cost?

    for testing purposes...

    1. Re:Three questions... by n329619 · · Score: 3, Informative

      1 - How can I tell if I'm infected?

      When you downloaded and installed the app.

      If you don't know if you downloaded or installed the app, you can tell when your Android device is phoning home to a few IPs like 54.67.109.199, or when it has one of these services that you do not initially have (AndroidAlarmManager, AndroidSystemService, AndroidSystemQueues, ClearSystems, ClipService, AndroidFileManager, AndroidPush, RegistrationService), or when your non-rooted device is somehow rooted. Source

      2 - Where can I get it?

      Go to the Kaspersky Lab Research Report from the article, look at the bottom and find those links yourself.

      Disclaimer, your warranty is now void. This comment is not responsible for anything that may happen to your phone by installing the app. You do it at your own risk and take the responsibility upon yourself and you are not to blame the poster or anyone else.

      3 - How much does it cost?

      free as in herpes.
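
The indicator check described in the comment above, written out as an added example (not part of the original comment or of the Kaspersky report). It assumes you have saved the text of `adb shell dumpsys activity services` and a listing of the device's connections; the sample input and the package names in it are constructed.

```python
import re

# Indicators quoted in the comment above (service class names and one IP).
SERVICE_NAMES = {
    "AndroidAlarmManager", "AndroidSystemService", "AndroidSystemQueues",
    "ClearSystems", "ClipService", "AndroidFileManager", "AndroidPush",
    "RegistrationService",
}
C2_ADDRESSES = {"54.67.109.199"}

# Matches records such as: * ServiceRecord{1a2b3c4 u0 com.pkg/.ClassName}
SERVICE_RE = re.compile(r"ServiceRecord\{\S+ u\d+ ([\w.]+)/([\w.$]+)\}")
# Whole IPv4 tokens only, so 154.67.109.199 does not match 54.67.109.199.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def suspicious_services(dumpsys_text):
    """Return sorted (package, class) pairs whose simple class name is listed."""
    hits = set()
    for package, cls in SERVICE_RE.findall(dumpsys_text):
        simple = cls.rsplit(".", 1)[-1]  # ".Foo" and "com.pkg.Foo" -> "Foo"
        if simple in SERVICE_NAMES:
            hits.add((package, simple))
    return sorted(hits)

def c2_contacts(connection_text):
    """Return listed addresses that appear as whole IPv4 tokens in the text."""
    return sorted(set(IPV4_RE.findall(connection_text)) & C2_ADDRESSES)

# Constructed sample input; the package names are made up for illustration.
SAMPLE_SERVICES = """\
  * ServiceRecord{1a2b3c4 u0 com.android.systemui/.ImageWallpaper}
  * ServiceRecord{5d6e7f8 u0 com.example.update/.AndroidSystemService}
  * ServiceRecord{9a0b1c2 u0 com.example.update/com.example.update.ClipService}
  * ServiceRecord{3d4e5f6 u0 com.example.notes/.SyncService}
"""
SAMPLE_CONNECTIONS = """\
tcp 0 0 10.0.0.5:40112 54.67.109.199:443 ESTABLISHED
tcp 0 0 10.0.0.5:40200 154.67.109.199:443 ESTABLISHED
"""

if __name__ == "__main__":
    for package, name in suspicious_services(SAMPLE_SERVICES):
        print(f"review package {package}: runs service {name}")
    for addr in c2_contacts(SAMPLE_CONNECTIONS):
        print(f"connection to listed address {addr}")
```

The service names are generic enough that a legitimate app could reuse one, so a hit is a reason to inspect the owning package, not proof of infection.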

  3. Re:Doesn't make up for hacking our computers by Opportunist · · Score: 2

    "Known"? The Annoying Orange claiming something is now "known"?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  4. Sounds nasty by DigitAl56K · · Score: 5, Insightful

    ... and let me guess, 90%+ of Android devices today will never receive updates that close all the exploits this thing takes advantage of.

    Android: For when you want to receive only semi-regular security updates for only a handful of models from a few manufacturers for a few years tops.

  5. Tell me why, again? by Rick+Schumann · · Score: 4, Funny

    Tell me why, again, I should ever have a smartphone?

    But Rick, you can't be one of the cool kids if you don't have one!
    But Rick, you're a luddite if you don't have one!
    But Rick, you're not interesting enough for anyone to spy on!
    But Rick, you're obviously paranoid and wearing a tinfoil hat, you should just calm down and get one anyway!

    ..and all the other lame-ass crap people post when I say this.

    If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!

  6. Re:Doesn't make up for hacking our computers by SonarNerd · · Score: 4, Insightful

    Your local government(s) want you to think exactly that way, so that you don't use those tools that would detect their malware. They can silence local tool vendors using National Security Letters. But not these kinds of foreign ones.

    If you read the story, mostly Italians are infected, with malware made by an Italian company and likely used by Italian intelligence agencies...

  7. This reads more like an advertisement. by Fly+Swatter · · Score: 2

    And less like a warning for a product that you can apparently find by looking towards an Italian Security company.

    -Remember that internet thing? It didn't end well.

  8. Re:not so safe. by mark-t · · Score: 2

    While I was less than thrilled about Apple's lack of transparency over slowing down the older phones, I thought that all things considered, their efforts were still lengthening the useful life of the devices impacted. Working slower is better than not working, period.