Security researchers from Kaspersky have found one of the most powerful strains of Android spyware that enable attackers to take full control over the infected devices remotely.
The new spyware has been called Skygofree, it has been created for targeted surveillance. The researchers traced down indication of Skygofree’s activity back to 2014, but they said the spyware was most active in 2016. They also said that the spyware’s source code included many strings and comments written in the Italian language, which suggests the spyware was intentionally created to target Italian users only.
The malware could record audio through the microphone when an infected device was in a specified location and could make the device to connect to Wi-Fi networks managed by the hacker.
According to researchers: “Given the many artifacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam.”
Skygofree has been spread through fake web pages that are simulating leading mobile network operators, most of which have been registered by the cybercriminals since 2015.
Once installed, it shows a fake welcome notification to the victim:
“Dear Customer, we’re updating your configuration and it will be ready as soon as possible.”
At the same moment, it hides an icon and starts background services to hide further operations from the victim.
Users are recommended to download apps only from the official stores.