WhatsApp Spy Scare: Android malware can 'steal messages' from your screen

Skygofree can also spy on messages with the help of the Accessibility Services and connect different infected devices to "Wi-Fi networks controlled by cybercriminals", explains the Kaspersky team.

Speaking to Sky News, Kaspersky's principal security researcher Vicente Diaz said that it was not clear from this whether Negg developed the software themselves or if the malicious software had been modified to falsely implicate them. At that time, the distribution campaign was at its most active, although the campaign is ongoing, with the most recent domain registered in October last year.

In total, Skygofree supports 48 commands that range from stealing encryption keys and conversations from chat applications such as WhatsApp, Viber and Facebook Messenger to exfiltrating call records, text messages, calendar events and virtually any file stored on the device.

"As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, never-before-seen surveillance features such as recording surrounding audio in specified locations", according to the researchers.

Although the malware was only discovered by Kaspersky in late 2017, the company says there's evidence that criminals have been using and enhancing it ever since 2014.

Believing this to be a product of an Italy-based purveyor of spyware, Kaspersky Lab detailed some of the more insidious functions of "Skygofree" which have not yet been observed in other tools of this nature.

"The implant, named Skygofree includes functionality never seen in the wild before, such as location-based audio recording through infected devices", said Kaspersky Lab.

Still thought to be receiving updates from its authors, Skygofree offers attackers 48 different commands, allowing them flexibility to access nearly all services and information on the infected device. Chrysaor, an Android spyware used in targeted attacks reported last year (reportedly manufactured by Israeli cyberdefense firm NSO Group), was found on under 36 Android devices, Google reported at the time. On Huawei devices, apps not selected as protected apps stop working once the screen is off and await re-activation, so the implant is able to determine that it is running on a Huawei device and add itself to this list.

This includes the ability to steal WhatsApp messages by hijacking a device's accessibility services.

In addition to actively infecting Android devices, the attackers also appear to have an interest in Windows systems - researchers uncovered recently developed modules to target this platform.

As for the spyware's origin, Kaspersky's malware and targeted attacks expert Alexey Firsh has a "high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions". The malware was distributed heavily throughout 2015, in a campaign in which hackers mimicked mobile operator websites and installed the malware on Android devices through these sites.
