Researchers Uncover Android Malware With Never-Before-Seen Spying Capabilities (arstechnica.com) 102
An anonymous reader quotes a report from Ars Technica: According to a report published Tuesday by antivirus provider Kaspersky Lab, "Skygofree" is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares. With 48 different commands in its latest version, the malware has undergone continuous development since its creation in late 2014. It relies on five separate exploits to gain privileged root access that allows it to bypass key Android security measures. Skygofree is capable of taking pictures, capturing video, and seizing call records, text messages, geolocation data, calendar events, and business-related information stored in device memory. Skygofree also includes the ability to automatically record conversations and noise when an infected device enters a location specified by the person operating the malware. Another never-before-seen feature is the ability to steal WhatsApp messages by abusing the Android Accessibility Service that's designed to help users who have disabilities or who may temporarily be unable to fully interact with a device. A third new feature: the ability to connect infected devices to Wi-Fi networks controlled by attackers. Skygofree also includes other advanced features, including a reverse shell that gives malware operators better remote control of infected devices. The malware also comes with a variety of Windows components that provide among other things a reverse shell, a keylogger, and a mechanism for recording Skype conversations.
Re: (Score:2)
Maybe it is a case of 'have to be a thief to catch a thief'.
Sounds as nasty as veriato / spector (Score:2)
I find such things immensely distasteful. >.
Hm. Gives me an idea for an app! appy app apps!
Re: (Score:3)
"Known"? The Annoying Orange claiming something is now "known"?
Re: (Score:2)
Where does she enter the equation?
Is it possible in your little black-and-white world that thinking the Annoying Orange is simply and plainly a loonie doesn't automatically mean that I consider the bitch any better? You had an election last year, but no choice.
Back on topic: You wanted to show me some kind of proof that Kaspersky is spying for the Russians.
Re: (Score:2)
Whatever. Am I going to hear where Kaspersky is spying for Russia?
Re: (Score:2)
OK. I think there's a fair chance that Kaspersky is spying for Russia, at least occasionally. Now ask me about AT&T, or someone else, because it's not like that makes them different from any other company. Russia spying on me is a less direct threat than some US agency doing so.
It's quite appropriate to say that no US classified work should be done on any device running Kaspersky software. But I doubt that any British or Japanese company should trust software from the US.
Re: (Score:2)
So "there is a fair chance" is now translated to "it is known fact"?
What we have is allegations from the annoying orange. That's it. Their response was to have their source code audited for any possibility of collaboration with any state actor, which is more than I could say for Microsoft, Symantec or McAfee.
Re:Doesn't make up for hacking our computers (Score:4, Insightful)
Your local government(s) exactly want you to think that way, so that you don't use those tools that would detect their malware. They can silence local tool vendors using National Security Letters. But not these kinds of foreign ones.
If you read the story, mostly Italians are infected, with a malware made by an Italian company and likely used by Italian intelligence agencies...
Re: (Score:2)
two sides.
it's true anyways.
however, I suspect google paid them off to emphasize accessibility service use, so google can remove it and cite that as reason.
because you know, if you have root, they can get the views without the accessibility server as well (this is necessary so they get the text fields' contents without having to screencap the entire thing, which would work just as fine for spying as well).
and yes I have written an accessibility service for android - it was necessary so that I could know what
Three questions... (Score:4, Interesting)
1 - How can I tell if I'm infected?
2 - Where can I get it?
3 - How much does it cost?
for testing purposes...
Re: (Score:2)
1. Police, security services or special forces at the door with vans waiting outside.
2. That needs some research. Go to a library and write out a long list on paper of a nation's most sensitive mil/industrial/research/medical sites, contractors/gov services, mil sites, mil ports.
Don't do that research online.
Buy a small number of new cell phones that have a lot of community software and hardware support to see what the cell phone hardware and OS is
Re:Three questions... (Score:4, Informative)
When you downloaded and installed the app.
If you don't know if you downloaded or installed the app, you can tell when your Android device is phoning home to a few IPs like 54.67.109.199, or when it has one of these services that you do not initially have (AndroidAlarmManager, AndroidSystemService, AndroidSystemQueues, ClearSystems, ClipService, AndroidFileManager, AndroidPush, RegistrationService) or when your nonrooted device is somehow rooted. Source [securelist.com]
Go to the Kaspersky Lab Research Report from the article [securelist.com], look at the bottom and find those links yourself.
Disclaimer, your warranty is now void. This comment is not responsible for anything that may happen to your phone by installing the app. You do it at your own risk and take the responsibility upon yourself and you are not to blame the poster or anyone else.
free as in herpes.
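The checks described in the comment above (the listed service names and the 54.67.109.199 address), written as a triage script; this is an added example, not part of the original comment or the Kaspersky report. It assumes text saved from `adb shell dumpsys activity services` and a netstat-style connection listing; the sample lines and package names are constructed, and the strong/weak split is an assumption of this example.

```python
import re

# Indicators quoted in the comment above; nothing here comes from elsewhere.
SERVICE_NAMES = {"AndroidAlarmManager", "AndroidSystemService", "AndroidSystemQueues",
                 "ClearSystems", "ClipService", "AndroidFileManager", "AndroidPush",
                 "RegistrationService"}
C2_ADDRESSES = {"54.67.109.199"}

# `dumpsys activity services` lists each service as ServiceRecord{id user package/class}.
SERVICE_RE = re.compile(r"ServiceRecord\{\S+ \S+ ([\w.]+)/([\w.$]+)\}")
# Whole dotted quads only, so 154.67.109.199 is not mistaken for 54.67.109.199.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def suspicious_services(dumpsys_text):
    """Map package -> sorted service class names that match the indicator list."""
    hits = {}
    for package, cls in SERVICE_RE.findall(dumpsys_text):
        simple = cls.rsplit(".", 1)[-1]  # ".ClipService" and "a.b.ClipService" both match
        if simple in SERVICE_NAMES:
            hits.setdefault(package, set()).add(simple)
    return {package: sorted(names) for package, names in hits.items()}

def c2_contacts(connection_text):
    """Return the connection lines that mention a listed address."""
    return [line.strip() for line in connection_text.splitlines()
            if C2_ADDRESSES & set(IPV4_RE.findall(line))]

def triage(dumpsys_text, connection_text):
    services = suspicious_services(dumpsys_text)
    # Assumption: one generic name alone is weak evidence; two or more in one package is strong.
    strong = sorted(p for p, names in services.items() if len(names) >= 2)
    return {"strong": strong,
            "weak": sorted(set(services) - set(strong)),
            "c2_lines": c2_contacts(connection_text)}

# Constructed sample input (hypothetical package names, not real captures).
SAMPLE_DUMPSYS = """\
ACTIVITY MANAGER SERVICES (dumpsys activity services)
  * ServiceRecord{1a2b3c4 u0 com.example.carrier.update/.AndroidAlarmManager}
  * ServiceRecord{2b3c4d5 u0 com.example.carrier.update/.ClipService}
  * ServiceRecord{3c4d5e6 u0 com.example.mail/com.example.mail.sync.RegistrationService}
  * ServiceRecord{4d5e6f7 u0 com.example.music/.PlaybackService}
"""
SAMPLE_CONNECTIONS = """\
tcp 0 0 10.0.0.12:48122 54.67.109.199:80 ESTABLISHED
tcp 0 0 10.0.0.12:51514 154.67.109.199:443 ESTABLISHED
tcp 0 0 10.0.0.12:39000 192.0.2.10:443 ESTABLISHED
"""

if __name__ == "__main__":
    print(triage(SAMPLE_DUMPSYS, SAMPLE_CONNECTIONS))
```

A package that appears only under "weak" needs a comparison against what the device shipped with before it means anything, since names such as RegistrationService are generic.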
not so safe. (Score:1)
I will stick to a safe and professionally coded software like iOS, which is real Unix.
Many people are grateful for those many naked celebrity photos from Apple. After Apple crippling users' phones I am astonished anyone would buy from them. They continue to be ethically bankrupt.
Re: (Score:2)
"Die" meaning "turn off" not "become a brick".
Re: (Score:2)
It's been all over coverage of the issue. That is the explanation Apple gave for why they did this. Without the patch, if the system requested more voltage than the battery could deliver, it would just shut off. By throttling the processor, the peak voltage demand is decreased and the device can keep running.
Re: (Score:2)
Slowing down the device enabled it to keep working... yet, the AC to whom I responded above stated:
Re: (Score:2)
Oh I see... I'm not sure what he meant by that. Sounds like he misunderstood something. Sorry to add to the confusion.
Re: (Score:2)
So you'd rather get a slower device that will completely die unexpectedly (some people would assign blame to other factors like app bloat) instead of one that dies under heavy load but can be restarted (as the battery isn't that far gone yet, since its effects aren't being hidden)
Yes. The former (automatic power save once battery weakens) allows me to dial emergency services or hail a ride until such time as I can schedule a battery replacement. The latter does not.
Re: (Score:1)
are you a moron? leaked photos afaik were retrieved with stolen or easily-guessed password via iCloud not directly from iOS. or from phone repairing shop. educate yourself before commenting such
Sounds nasty (Score:5, Insightful)
... and let me guess, 90%+ of Android devices today will never receive updates that close all the exploits this thing takes advantage of.
Android: For when you want to receive only semi-regular security updates for only a handful of models from a few manufacturers for a few years tops.
Re: (Score:2)
Actually no Android devices are vulnerable to this. You have to enable installing apps from your browser, download it, install it, and then agree to all the permissions it demands. It doesn't use an exploit to install itself, it uses social engineering with web pages made to look like legit ones offering app updates.
The table of URLs is at the bottom of TFA.
Re: (Score:2)
Hmm, let's see. I bought a Nexus 6 three years ago for $189. It received updates until just recently. I just bought an Essential phone for $280. It'll get updates for at least a couple of years.
How much are those iPhones again?
New features going untested (Score:2)
Google's habit of having everything in beta for nearly, or completely, its lifespan leads to things like this. The new features are the ones majorly being exploited. Accessibility getting around security? That is a major screwup considering that Android phones don't get regular updates. Some lower cost phones will never receive a patch and will be compromised for the entire time it is owned.
Re: (Score:1)
Accessibility pretty much must get around security.
It needs to be able to read everything on the screen to function.
Re: (Score:2)
I don't think the accessibility features are all that new, are they?
Re: CopperheadOS (Score:2)
CopperheadOS, as great as it is, is only available for a few devices. And given that it supports all the typical accessibility features I suspect it would still be vulnerable to this.
But, what about Meltdown? (Score:2)
Tell me why, again? (Score:5, Funny)
But Rick, you can't be one of the cool kids if you don't have one!
But Rick, you're a luddite if you don't have one!
But Rick, you're not interesting enough for anyone to spy on!
But Rick, you're obviously paranoid and wearing a tinfoil hat, you should just calm down and get one anyway!
..and all the other lame-ass crap people post when I say this.
If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!
Re: (Score:2)
If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!
Better get that Intel-chipped laptop out then...
Re: (Score:2)
Actually, the further you go into the past, the more privacy you had. This was largely due to economics, of course. But in 1960 only draft age males had to carry an ID card, and nobody carried a phone. You could open a bank account with no proof of identity, etc.
Before WWII nobody had to carry an ID card. Before 1910 almost nobody carried *any* government issued ID. Etc.
(I may have gotten a couple of the dates a bit wrong, but it's about right. I'm not certain, e.g., that soldiers didn't carry offic
Re: Tell me why, again? (Score:2)
Maybe just don't install random crapware?
When I was working support, I didn't blame laptops when users repeatedly installed Bonzi Buddy on them. I blamed the idiots who kept doing it over and over, and then kept bringing me the laptop whining about how slow it was.
I suppose you would have just taken away their laptops and told them to go back to using pencils and paper.
Re: Tell me why, again? (Score:2)
Read the article. Has nothing to do with installing anything. Your Android phone can be infected with this malware without you doing anything and you'll never even know.
Bullshit. Neither of the linked articles states anything to that effect. As a matter of fact, both of them state that the malware is primarily spread via "web landing pages" which mimic various carriers' websites, and the original Kaspersky article gives examples. All of their examples are links to APK files.
So, essentially, what needs to happen is:
1. User is somehow directed to a webpage which looks like a cellphone carrier's website.
2. Webpage asks the user to download an APK file.
3. User downloads the
Re: (Score:2)
They're not. I am orders of magnitude more 'competent' than the average smartphone user. Therefore I refuse to own one. I'm on the verge of dumping wireless entirely in fact, really don't use it enough to justify it.
Re: Tell me why, again? (Score:2)
I'm on the verge of dumping wireless entirely in fact
Good plan, Rick. Just stick to that paper and pencil.
Re: (Score:2)
Tell me why, again, I should ever have a smartphone?
Because netbooks made for* GNU/Linux are no longer sold in major U.S. electronics showroom chains. What's less bad between a smartphone (or Android tablet) and a Windows 10 tablet or laptop?
* "Made for" means shipping with or otherwise warranted to run.
Re: (Score:2)
What's less bad between a smartphone (or Android tablet) and a Windows 10 tablet or laptop?
I think his suggestion is to not use a smartphone or tablet. Seems like throwing out the baby to me, but to each his own.
Re: (Score:2)
If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!
Whew -- good thing I just replaced it with a mobile multifunction, n'est ce pas?
Re: (Score:2)
Just get rid of everything like Internet, computers, etc. Go off the grid! :P
Re: (Score:2)
Tell me why, again, I should ever have a dumbphone?
..and to all the other tech nerds post when I say this.
If you want what's left of your privacy, and actual data security preserved, Get rid of your dumbphone and GET A PIGEON!
Pigeon not only looks cool but can also deliver your message securely and safely without all that phone / network connectivity nonsense. In addition, each pigeon comes with its own bird-droppings delivery feature which is perfect for targeting those on your most hated list, like y
Re: (Score:2)
Yep, I also used to think that having a smartphone was pointless.
Then I got one, installed a console, text editor and compiler and now I can code while on the crapper.
What's the advantage of buying a smartphone and using that on the crapper over buying a laptop made for GNU/Linux and using that on the crapper?
Re: (Score:2)
Quite some time ago, I applied for a lower cost, higher end insurance package that my agent said would be good for me, but would require a huge background check. I've held a top secret and nuclear Q clearance, and this investigation felt about the same.
Bearing in mind that this is pre-internet, at one point they asked me about any relationship I might have had with the ex husband of an ex girlfriend I hadn't even seen in years. Turns out he'd been involved in some insurance fraud. About all I could thin
Read the name as "SkyGoatse". (Score:1)
And the holes it opens are bigger.
This reads more like an advertisement. (Score:3)
And less like a warning for a product that you can apparently find by looking towards an Italian Security company.
-Remember that internet thing? It didn't end well.
I like old stuff (Score:2)
Re: (Score:2)
Make sure you ignore that resistor I placed across your tip/ring.
Or that man down the way a little bit using a buttset. I'm sure he's not making LD calls.
It is an implant software (Score:2)
Skygofree is a reminder that so-called implant software sold to governments and police forces, sometimes in countries with poor human rights records, remains a threat to people using a wide variety of devices and operating systems.
It looks like it is a product sold to security agencies and police forces around the world. They might force the installation of this software by the sellers in their countries, or install it once they arrest the dissident. It is a spyware alright, but it might not be a garden variety virus that infects you unbeknownst to you.
I guess now that Kaspersky is deemed "evil" ... (Score:1)
... they have no reason to adhere to NDAs by the various terror... err, I mean spying... err, I mean not stupidity but "intelligence" organizations, and can finally leak all the nasty shit.
I hope.
Kaspersky (Score:1)
Tell me again why I shouldn't get the antivirus that catches the real bad guys?
Re: (Score:1)
If you ignore the silliness about the alleged Kremlin entanglement and just evaluate the product on its merits, Kaspersky is pretty good. I didn't notice much impact on system resources save memory, but I've got plenty so it wasn't a problem. Browsing was slightly slowed, but not too bad. Actually my biggest beef with the product is that it's very, very chatty with Kaspersky servers. Even when you go through the configuration (which is extensive on advanced mode) and try to turn off all the options and featu
Re: (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org]
Wonder what many other nations' top AV brands do all day?
Misconception (Score:2)
Offensive (Score:2)
"Offensive security product"? Is that like "spending cuts in the tax code"?
Does it require human intervention to install? (Score:2)
That's the only relevant question here. Until drive-by downloads are a thing on Android, the only victims will be the common sense impaired.
- Stick to Play Store if you don't know what you're doing, and check the developer name, reviews and number of downloads of whatever app you plan to download for any red flags. Better still, stick to well known, popular apps.
- Keep the 'install apps from unknown sources' setting at its default state of unchecked if you're not smart enough to differentiate between malici