Kaspersky Lab revealed an unusual mobile trojan

17 January 2018
I'm sure many people have encountered mobile Trojans and other malware. Most of them have a similar set of functions, such as stealing usernames and passwords, stealing bank card data, or locking the data on the gadget for ransom. Sometimes, however, unique and more capable threats emerge. Kaspersky Lab recently shared information about one of them.

The detected Android malware was named Skygofree. Kaspersky Lab notes that the Trojan has a variety of functions, some quite familiar and some unique, found in software of this kind for the first time. For example, Skygofree can determine the location of the gadget and activate audio recording when the victim is near certain coordinates. Attackers can thus overhear not only users' private conversations, but also important meetings and more.

In addition, the Trojan can turn on Wi-Fi on the gadget by itself and connect to networks under the attackers' control. This means that Skygofree is able to collect and analyze the victim's traffic, as well as transmit data about the sites visited, the logins and passwords entered, credit card numbers and more.

The malware is also able to monitor popular messengers such as WhatsApp, Skype, Viber and Facebook Messenger. In the case of WhatsApp, Skygofree behaves in a particularly curious way. To read other people's WhatsApp correspondence, it uses "Special Features" (Android's accessibility services), originally designed for users with impaired vision or hearing. The attackers have found a way to use this feature to read everything displayed on the gadget's screen, in this case to collect WhatsApp text messages. Using "Special Features" requires user confirmation, but the Trojan disguises the corresponding request as something harmless.

Interestingly, the attackers have also provided protection against a feature of the latest Android version, whereby inactive processes are automatically stopped to save battery power.
To stay running, Skygofree periodically sends notifications to the system, and on gadgets that close all but a few selected applications when the screen turns off, it adds itself to the list of those applications.

The malware can also surreptitiously photograph the user with the gadget's front camera when they try to unlock it, and it has a fairly usual set of other Trojan features. For example, it can intercept calls, texts, calendar entries and other personal data of the victim.

Although Skygofree has been used and developed since 2014, it was detected only at the end of 2017. The malware is usually distributed through fake mobile operator sites, in the form of a utility that supposedly increases the speed of Internet access from an Android gadget. Most of the victims are in Italy, but this does not mean that the attackers cannot change the target audience at any time. To avoid falling into their trap, it is recommended not to download anything from suspicious sites and to install a reliable antivirus on your smartphone, for example, Kaspersky Mobile Antivirus or ESET Mobile Security & Antivirus.