Skip to main content

Kaspersky reveals 'most advanced' Android spyware

(Image credit: Image Credit: Alok Sharma / Pexels)

Android users have been warned to monitor their smartphone security after the uncovering of an hugely damaging new strain of spyware.

Researchers at Kaspersky Lab have discovered what they call a "highly advanced" cyber-surveillance tool called Skygofree that is able to spy on user's smartphone habits, including messaging and Wi-Fi connections.

This includes the ability to steal WhatsApp messages by hijacking a device's accessibility services. The spyware is also able to connect to malicious Wi-Fi networks controlled by the attackers, and also activate location-based recording through a devices' microphone whenever the user enters a particular location - a tool never before seen in the wild.

First detected back in 2014 but showing an unwelcome recent resurgence at the end of 2017, Skygofree has 48 unique commands in all - with some also reportedly looking to target users of Windows PC devices too.

Kaspersky Lab says that all the victims have so far been located in Italy, leading the company to believe that the minds behind the attack are based in the country, possibly an IT developer that offers some form of surveillance.

“High end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion," said Alexey Firsh, malware analyst, targeted attacks research, Kaspersky Lab. 

"Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam."

Michael Moore
Michael Moore

Mike Moore is Deputy Editor at TechRadar Pro, and has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and ITProPortal.