“Most Trojans are similar to each other: after getting on devices, they steal payment data of its owner, extract for criminals or encrypt data to demand a ransom. But sometimes there are instances whose capabilities make one recall Hollywood movies about spies, “- says in a virus-dedicated message from Kaspersky Lab.

They said that the detected malicious program Skygofree has 48 different functions, including unique ones, which the company’s experts had never met before in malware.

“Another interesting technique that Skygofree has mastered is that you can seamlessly connect an infected smartphone or tablet to Wi-Fi networks that are under the complete control of intruders. Even if the owner of the device completely disabled Wi-Fi on the device, “- told in Kaspersky Lab.

This allows not only to analyze the victim’s traffic but also to read user-entered logins, passwords or card numbers. Also malicious can monitor the work of a number of messengers, including Facebook Messenger, WhatsApp, Skype, and Viber, collecting their text messages.

“Finally, Sky free can secretly turn on the front camera and take a picture when the user unlocks the device,” experts added.

The company’s specialists discovered Skygofree in early October of 2017, but during the study of the malware, it became clear that the original versions of this program were created as early as the end of 2014. Since then, the functionality of the Trojan has increased significantly and the program has acquired some unique capabilities.

According to Kaspersky Lab, Sky free was distributed on Internet pages that simulate mobile operators’ sites and are dedicated to optimizing the speed of the mobile Internet.

Also during the investigation of the malware several spyware for Windows were discovered, but whether the program was used to attack this operating system is still unknown.

“It does not attack hundreds of thousands of users”

RT talked with Kaspersky Lab’s antivirus expert Viktor Chebyshev, who gave some details about the new virus. According to him, Sky free managed to remain inconspicuous for a long time, since this spy-trojan uses undocumented features of the system and increases its privileges in such a way that all its actions “remain behind the scenes.”

“It is almost at the system level, and all the features that it implements, they are absolutely transparent to the user. That is, the user does not see any activity, hears no action, he simply remains unaware, “Chebyshev explained.

The interlocutor RT specified that it is very difficult to create such a program, therefore, a whole team of high-level professionals who are versed in all the features of the Android operating system most likely worked on it.

According to the antivirus expert, another feature of the virus, which allowed him to act unnoticed, is a narrow focus, sharpening Skygofree under the attack of a specific user.

“It is created so that it is invisible to the victim and for everyone else around. Plus, he has mechanisms to clean up tracks that destroy him after he has worked, “the expert added.

He specified that the purpose of the spyware virus was devices on the Android platform since it is this system that allows you to install applications from third-party sources, and not just from the official Google Play app store. Nevertheless, not only Android-devices can become vulnerable to such malicious programs.

“In other OSs, this feature is not available, all applications are installed from one centralized source, which is moderated. And the probability of infection is thus minimal. However, it is not ruled out, “the expert explained.

RT interlocutor added that the creation of Skygofree required significant resources – from a whole staff of developers who thoroughly know the OS, to artists and psychologists.

The expert said that the main purpose of the disclosed Trojan was never an attack on the broad masses of people. The program is designed specifically for espionage, shadowing a particular person, in whose devices she “sits down”. According to him, the range of application of this program can range from industrial espionage to surveillance of civil servants.

“The main task of this Trojan is to understand what is happening to the victim, around her, what she does, where she goes, who she talks to, what documents she interacts with … He can shoot with a video camera, shoot photos, record conversations in a specific situation “, – said an employee of Kaspersky Lab.

“If we talk about the mass market, about us and you, the attack, most likely, did not threaten us from the very beginning. Attack-specific individuals. Nevertheless (mass attack – RT ) should not be written off: what is implemented in this Trojan can be replicated, it can be distributed to a huge number of users, “the RT interlocutor stressed.

Speaking about ways to confront the virus threat, the expert urged all users not to install applications from third-party sources. In addition, he advised consumers to secure their mobile devices by installing a good security solution that will not allow them to pass through a malicious link and will block the installation of the virus application.

(Cyberops, Cyberops Infosec, VAPT, Cyber Security, Ethical Hacking, Secured Application Development)