Warnings over WhatsApp as security experts discover 'one of the most powerful spyware tools' ever made for Android

Warnings over WhatsApp as security experts discover 'one of the most powerful spyware tools' ever made for Android

Warnings over WhatsApp as security experts discover 'one of the most powerful spyware tools' ever made for Android

Security researchers have discovered a new type of Android spyware that uses techniques ‘previously unseen in the wild’ to record the activity of WhatsApp users.

The new malware, called Skygofree, was first spotted by antivirus firm Kapersky Lab this fall – but, they say it has likely been in development since 2014.

Skygofree can carry out a number of remote commands, including taking pictures or videos with the affected device, and even recording audio when the user enters a specified location.

Security researchers have discovered a new type of Android spyware that uses techniques ‘previously unseen in the wild’ to record the activity of WhatsApp users. The new malware, called Skygofree, was spotted by antivirus firm Kapersky Lab. Stock image

WHAT IS SKYGOFREE? 

Researchers from the Kapersky Lab say the 'Skygofree' malware was first made three years ago, and has continually improved since.  

The Kapersky researchers say they’ve identified several web landing pages that spread the implant by mimicking the pages of mobile operators.

While most of the domains are outdated, the firm says almost all remain accessible, and mimic both domain name and page content.

Once a device is infected, the malware is able to carry out location-based audio recordings, meaning it can automatically begin recording the device’s surroundings when that device enters a specified place.

It can spy on messages using the Accessibility Services, and connec different infected devices to 'Wi-Fi networks controlled by cybercriminals,' Kapersky team says.

According to a new report from the researchers at Kapersky Lab, Skygofree is likely the creation of an Italian IT company, with ‘several’ affected devices found so far only in Italy.

It’s thought the malware was first made three years ago, and has continually improved since.

Now, it has several advanced features that haven’t been seen anywhere else.

The malware is able to carry out location-based audio recordings, meaning it can automatically begin recording the device’s surroundings when that device enters a specified place.

It can also spy on messages using the Accessibility Services, and connect different infected devices to 'Wi-Fi networks controlled by cybercriminals,' the Kapersky team says.

‘The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform,’ the researchers wrote.

‘As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, never-before-seen surveillance features such as recording surrounding audio in specified locations.’

The Kapersky researchers say they’ve identified several web landing pages that spread the implant by mimicking the pages of mobile operators.

While most of the domains are outdated, the firm says almost all remain accessible, and mimic both domain name and page content.

‘Unfortunately, for now we can’t say in what environment these landing pages were used in the wild, but according to all the information at our disposal, we can assume that they are perfect for exploitation using malicious redirects or man-in-the-middle attacks,’ the researchers wrote.

The malware is able to automatically begin recording the device’s surroundings when that device enters a specified place. It can also spy on messages using the Accessibility Services, and connect different infected devices to 'Wi-Fi networks controlled by cybercriminals'

‘For example, this could be when the victim’s device connects to a Wi-Fi access point that is infected or controlled by the attackers.’

The new report comes just a week after WhatsApp was revealed to have a huge design flaw, which allows anyone to infiltrate private group chats despite its ‘end-to-end encryption.’

The study, presented at the Real World Crypto security conference in Zurich, Switzerland, by a group of researchers from Ruhr University Bochum in Germany, found that anyone with control over WhatsApp's servers can add people to private group chats, including staff, hackers and governments who legally demand access.

In response, however, Facebook's Chief Security Officer Alex Stamos wrote on Twitter that the bug is not effective because WhatsApp users are notified when new members join conversations.