Follow Slashdot stories on Twitter


Forgot your password?
Security Android Operating Systems Privacy Software Technology

Researchers Uncover Android Malware With Never-Before-Seen Spying Capabilities ( 102

An anonymous reader quotes a report from Ars Technica: According to a report published Tuesday by antivirus provider Kaspersky Lab, "Skygofree" is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares. With 48 different commands in its latest version, the malware has undergone continuous development since its creation in late 2014. It relies on five separate exploits to gain privileged root access that allows it to bypass key Android security measures. Skygofree is capable of taking pictures, capturing video, and seizing call records, text messages, gelocation data, calendar events, and business-related information stored in device memory. Skygofree also includes the ability to automatically record conversations and noise when an infected device enters a location specified by the person operating the malware. Another never-before-seen feature is the ability to steal WhatsApp messages by abusing the Android Accessibility Service that's designed to help users who have disabilities or who may temporarily be unable to fully interact with a device. A third new feature: the ability to connect infected devices to Wi-Fi networks controlled by attackers. Skygofree also includes other advanced features, including a reverse shell that gives malware operators better remote control of infected devices. The malware also comes with a variety of Windows components that provide among other things a reverse shell, a keylogger, and a mechanism for recording Skype conversations.
This discussion has been archived. No new comments can be posted.

Researchers Uncover Android Malware With Never-Before-Seen Spying Capabilities

Comments Filter:
  • I find such things immensely distasteful. >.

    Hm. Gives me an idea for an app! appy app apps!

  • Three questions... (Score:4, Interesting)

    by Blinkin1200 ( 917437 ) on Tuesday January 16, 2018 @05:58PM (#55941753)

    1 - How can I tell if I'm infected?
    2 - Where can I get it?
    3 - How much does it cost?

    for testing purposes...

    • by AHuxley ( 892839 )
      As a thought experiment? A fictional movie script?
      1. Police, security services or special forces at the door with vans waiting outside.

      2.. That needs some research. Go to a library and write out a long list on paper of a nations most sensitive mil/industrial/research/medical sites, contractors/gov services, mil sites, mil ports.
      Dont do that research online.

      Buy a small number of new cell phones that have a lot of community software and hardware support to see what the cell phone hardware and OS is
    • by n329619 ( 4901461 ) on Tuesday January 16, 2018 @11:23PM (#55943551)

      1 - How can I tell if I'm infected?

      When you downloaded and installed the app.

      If you don't know if you downloaded or installed the app, you can tell it when your android device phoning home to a few ip like, or when it has one of these services that you do not initially have (AndroidAlarmManager, AndroidSystemService, AndroidSystemQueues, ClearSystems, ClipService, AndroidFileManager, AndroidPush, RegistrationService) or when your nonrooted device is somehow rooted. Source []

      2 - Where can I get it?

      Go the Kaspersky Lab Research Report from the article [], look at the bottom and find those links yourself.

      Disclaimer, your warranty is now void. This comment is not responsible for anything that may happen to your phone by installing the app. You do it at your own risk and take the responsibility upon yourself and you are not to blame the poster or anyone else.

      3 - How much does it cost?

      free as in herpes.

  • Sounds nasty (Score:5, Insightful)

    by DigitAl56K ( 805623 ) on Tuesday January 16, 2018 @06:08PM (#55941821)

    ... and let me guess, 90%+ of Anrdoid devices today will never receive updates that close all the exploits this thing takes advantage of.

    Android: For when you want to receive only semi-regular security updates for only a handful of models from a few manufacturers for a few years tops.

    • by AmiMoJo ( 196126 )

      Actually no Android devices are vulnerable to this. You have to enable installing apps from your browser, download it, install it, and then agree to all the permissions it demands. It doesn't use an exploit to install itself, it uses social engineering with web pages made to look like legit ones offer app updates.

      The table of URLs is at the bottom of TFA.

    • Hmm, lets see. I bought a Nexus 6 three years ago for $189. It received updates until just recently. I just bought an Essential phone for $280. It'll get updates for at least a couple of years.

      How much are those iphones again?

  • Google's habit of having everything in beta for nearly, or completely, its lifespan leads to things like this. The new features are the ones majorly being exploited. Accessibility getting around security? That is a major screwup considering that Android phones don't get regular updates. Some lower cost phones will never receive a patch and will be compromised for the entire time it is owned.

    • by AvitarX ( 172628 )

      Accessibility pretty much must get around security.

      It needs to be able to read everything on the screen to function.

    • by nasch ( 598556 )

      I don't think the accessibility features are all that new, are they?

  • According to Conventional Wisdom(TM) Meltdown and Spectre are MUCH worse, leading to patchy BIOS updates, BSODs and varying levels of performance loss. Perhaps a dose of perspective, which this helps bring to the table, is in order - finally.
  • by Rick Schumann ( 4662797 ) on Tuesday January 16, 2018 @06:20PM (#55941915) Journal
    Tell me why, again, I should ever have a smartphone?

    But Rick, you can't be one of the cool kids if you don't have one!
    But Rick, you're a luddite if you don't have one!
    But Rick, you're not interesting enough for anyone to spy on!
    But Rick, you're obviously paranoid and wearing a tinfoil hat, you should just calm down and get one anyway!

    ..and all the other lame-ass crap people post when I say this.

    If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!

    • If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!

      Better get that Intel-chipped laptop out then...

    • Maybe just don't install random crapware?

      When I was working support, I didn't blame laptops when users repeatedly installed bonzy buddy on them. I blamed the idiots who kept doing it over and over, and then kept bringing me the laptop whining about how slow it was.

      I suppose you would have just taken away their laptops and told them to go back to using pencils and paper.

      • Read the article. Has nothing to do with installing anything. Your Android phone can be infected with this malware without you doing anything and you'll never even know.
        • Read the article. Has nothing to do with installing anything. Your Android phone can be infected with this malware without you doing anything and you'll never even know.

          Bullshit. Neither of the linked articles state anything to that effect. As a matter of fact, both of them state that the malware is primarily spread via "web landing pages" which mimick various carriers websites, and the original Kaspersky article gives example. All of their examples are links to APK files.

          So, essentially, what needs to happen is:

          1. User is somehow directed to a webpage which looks like a cellphone carriers website.
          2. Webpage asks the user to download an APK file.
          3. User downloads the

          • >implying most people are 'remotely competent'.
            They're not. I am orders of magnitude more 'competent' than the average smartphone user. Therefore I refuse to own one. I'm on the verge of dumping wireless entirely in fact, really don't use it enough to justify it.
    • by tepples ( 727027 )

      Tell me why, again, I should ever have a smartphone?

      Because netbooks made for* GNU/Linux are no longer sold in major U.S. electronics showroom chains. What's less bad between a smartphone (or Android tablet) and a Windows 10 tablet or laptop?

      * "Made for" means shipping with or otherwise warranted to run.

      • by nasch ( 598556 )

        What's less bad between a smartphone (or Android tablet) and a Windows 10 tablet or laptop?

        I think his suggestion is to not use a smartphone or tablet. Seems like throwing out the baby to me, but to each his own.

        • If you care about your privacy and security then maybe you should think twice about using "always on" wireless devices like these.
    • If you want what's left of your privacy, and actual data security preserved, GET RID OF YOUR SMARTPHONE!

      Whew -- good thing I just replaced it with a mobile multifunction, n'est ce pas?

    • by antdude ( 79039 )

      Just get rid of everything like Internet, computers, etc. Go off the grid! :P

      • Oh okay guess there's nothing I can do about anything so why even try, I'll just get every always-on device on the planet like most of you seem to do, put cameras everywhere too (for my SAFETY of course!), get a Facebook and Twitter account again, share EVERY SINGLE ASPECT of my daily life with the whole world, and be like a frog on a dissection tray, splayed open for every government agency and corporation that wants to know any little fucking thing about me, including what kind of porn I like, how and whe
    • Tell me why, again, I should ever have a dumbphone?

      ..and to all the other tech nerds post when I say this.

      If you want what's left of your privacy, and actual data security preserved, Get rid of your dumbphone and GET A PIGEON!

      Pigeon not only looks cool but can also delivery your message securely and safely without all those phone / network connectivity nonsense. In addition, each pigeon comes with its own bird-droppings delivery feature which is prefect for targeting those on your most hated list, like y

    • In case you do need one at some point: CopperheadOS []. Unfortunately, it only supports Nexus phones at the moment, but they provide a Google-free security-hardened android distribution with regular updates and no proprietary components. I'm not saying it's bullet-proof, but getting rid of the telemetry Google has built into Google Play Services and providing regular security updates is orders of magnitude better than the competition.
    • Quite some time ago, I applied for a lower cost, higher end insurance package that my agent said would be good for me, but would require a huge background check. I've held a top secret and nuclear Q clearance, and this investigation felt about the same.

      Bearing in mind that this is pre-internet, at one point they asked me about any relationship I might have had with the ex husband of an ex girlfriend I hadn't even seen in years. Turns out he'd been involved in some insurance fraud. About all I could thin

  • by Anonymous Coward

    And the holes it opens are bigger.

  • by Fly Swatter ( 30498 ) on Tuesday January 16, 2018 @06:26PM (#55941963) Homepage

    And less like a warning for a product that you can apparently find by looking towards an Italian Security company.

    -Remember that internet thing? It didn't end well.

  • I'm never giving up the dial phone hanging on my wall.
    • Make sure you ignore that resistor I placed across your tip/ring.
      Or that man down the way a little bit using a buttset. I'm sure he's not making LD calls.

    • Never gonna give, never gonna give, (Give you up!)
  • Skygofree is a reminder that so-called implant software sold to governments and police forces, sometimes in countries with poor human rights records, remains a threat to people using a wide variety of devices and operating systems.

    It looks like it is a product sold to security agencies and police forces around the world. They might force the installation of this software by the sellers in their countries, or install it once they arrest the dissident. It is a spyware alright, but it might not be a garden variety virus that infects you unbeknownst to you.

  • ... they have no reason to adhere to NDAs by the various terror... err, I mean spying... err, I mean not stupidity but "intelligence" organizations, and can finally leak all the nasty shit.

    I hope.

  • by Anonymous Coward

    Tell me again why I shouldn't get the antivirus that catches the real bad guys?

    • by Anonymous Coward

      If you ignore the silliness about the alleged Kremlin entanglement and just evaluate the product on its merits, Kaspersky is pretty good. I didn't notice much impact on system resources save memory, but I've got plenty so it wasn't a problem. Browsing was slightly slowed be, not too bad. Actually my biggest beef with the product is that it's very, very chatty with Kaspersky servers. Even when you go through the configuration (which is extensive on advanced mode) and try to turn off all the options and featu

    • by AHuxley ( 892839 )
      Help find the next Skygofree, Stuxnet, Equation Group. []
      Wonder what many other nations top AV brands do all day?
  • I came to this article thinking they were talking about Google Home!
  • "Offensive security product"? Is that like "spending cuts in the tax code"?

  • That's the only relevant question here. Until drive-by downloads are a thing on Android, the only victims will be the common sense impaired.
    - Stick to Play Store if you don't know what you're doing, and check the developer name, reviews and number of downloads of whatever app you plan to download for any red flags. Better still, stick to well known, popular apps.
    - Keep the 'install apps from unknown sources' setting at its default state of unchecked if you're not smart enough to differentiate between malici

Q: How many IBM CPU's does it take to execute a job? A: Four; three to hold it down, and one to rip its head off.