Zimperium Blog

Threat Advisory: Skygofree

Skygofree, another in the long line of Android-based spyware, is being touted as one of the most advanced targeted surveillance tools ever seen on mobile devices. Skygofree is designed to enable surveillance and full device control by remote attackers. On unprotected mobile devices, Skygofree allows attackers to perform advanced attacks, including location-based sound recording, stealing communications such as WhatsApp messages, and connecting the device to compromised networks controlled by the malware operators.

Skygofree Analysis

According to the researchers who disclosed the malware, these are the salient points of Skygofree:

  • Only select individuals are being targeted, and they are located in Italy, as are the malware’s developers. Users are lured to a website where they’re asked to update or configure their device, allowing the malware to be dropped in the process.
  • Skygofree offers attackers 48 different commands, enabling access to all services and information on the infected device.
  • One advanced feature is the ability to use location services to activate the device’s microphone when the user is in a specific place.
  • It contains the features and root access privileges of other spyware, e.g., capturing photos, contacts, and text messages, and monitoring the user’s location.
  • If the user has chosen to run battery-saving measures, Skygofree is able to add itself to the list of ‘protected apps’ in order to ensure it can carry on its malicious activity, even when the screen is off or the phone isn’t active.
  • The last known evidence of attacks is from October 2017.

How Zimperium Helps Defeat Skygofree

Zimperium zIPS, powered by our core machine learning-based engine, z9, detects the Skygofree malware and can prevent it from executing via customer-defined policy enforcement. Additionally, the exploits the malware uses to escalate privileges on the device are correctly detected by z9.

For more information about Zimperium and its offerings, please visit us at www.zimperium.com.