A new piece of malware that features as-yet unseen features like location-based audio recordings may be among the most powerful offensive software tools created for the Android platform, according to Kaspersky Lab which detailed its discovery in a blog post this week.
Believing this to be a product of an Italy-based purveyor of spyware, Kaspersky Lab detailed some of the more insidious functions of "Skygofree" which have not been yet been observed in other tools of this nature. First among these is the ability to listen on an infected device"s surroundings based on GPS positioning. The piece of malware can force a device to log on to compromised Wi-Fi networks run by attackers, while also being able to pull data from WhatsApp by abusing the Android Accessibility Service.
Among the other features by Skygofree are taking pictures and videos, copying location data, call records and text messages, and even lifting information stored on the device.
In its statement, Kaspersky Lab described the tools as follows:
The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform. As a result of the long-term development process, there are multiple, exceptional capabilities.
The malware is believed to have been operational for at least three years now, and is propagated through the use of fake websites that disguise themselves as the official web portals belonging to, for example, carriers like Vodafone. These sites then encourage users to download and install unofficial apps.
As always, users concerned about their safety should be careful with the websites they visit, and ensure that the URLs of the webpage are correct. Installing apps outside of the Play Store is also rarely a good idea for the average user and should be done with caution.
Source: Kaspersky Lab via Ars Technica