classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 
This Week's Editor's Pick
News
Conferences & Events
Training & Education
Associations
Access Control & Identity Management
Asset Management, EAS, RFID
CCTV, Surveillance & Remote Monitoring
Cyber Security
Fire & Safety
Integrated Solutions
IT infrastructure
Perimeter Security, Alarms & Intruder Detection
Security Services & Risk Management
Products
Handbooks
Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017



Powerful Android surveillance software
February 2018, This Week's Editor's Pick, News

Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product. The implant, named Skygofree includes functionality never seen in the wild before, such as location-based audio recording through infected devices. The spyware is spread through web pages, mimicking leading mobile network operators.

Skygofree is sophisticated, multi-stage spyware that gives attackers full remote control of an infected device. It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location – a feature that has not previously been seen in the wild. Other advanced, unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers.

The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMSs, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor: the implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

The attackers also appear to have an interest in Windows users, and researchers found a number of recently developed modules targeting this platform.

Most of the spoofed landing pages used for spreading the implant were registered in 2015, when according to Kaspersky Lab telemetry the distribution campaign was at its most active. The campaign is ongoing and the most recent domain was registered in October 2017. The data shows there have been several victims to date, all in Italy.

“High end mobile malware is very difficult to identify and block, and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion. Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam”, said Alexey Firsh, malware analyst, targeted attacks research, Kaspersky Lab.

The researchers found 48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.

Further information, including a list of Skygofree’s commands, indicators of compromise, domain addresses and the device models targeted by the implant’s exploit modules can be found on securelist.com
Share: Share via email   Share via Twitter   Share via LinkedIn   Print  print  

Further reading:

  • CCTV reviews and the display of relevant information
    July 2018, Leaderware, This Week's Editor's Pick
    Recorded video is often far from ideal. There are a number of things that can affect the quality and state of video and influence whether the review or analysis can lead to relevant facts.
  • Where safety, security and Industry 4.0 meet
    July 2018, Technews Publishing, This Week's Editor's Pick, Integrated Solutions, Industrial (Industry)
    Integrated security offers more than simply a means to keep unwanted people out of industrial settings, its benefits extend to supporting and enhancing daily operations.
  • Protecting the machines
    July 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Industrial (Industry)
    Security operations at industrial sites need to include cybersecurity and it needs to be treated with the same importance as the physical security of the site as well as health and safety standards.
  • Advances in NVR and VMS capabilities
    July 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, IT infrastructure, Products
    Hi-Tech Security Solutions looks at what the latest trends are in the NVR and VMS worlds, along with some of the latest products.
  • SLAs - Read the fine print
    July 2018, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management
    By insisting on an appropriate maintenance contract, security technology can be used to the full extent of its possible life.
  • Securing your digital assets
    July 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, IT infrastructure
    Cyberattacks can’t be prevented, but companies and individuals have ways to keep the attackers out. However, the coming year will see more attacks and more losses because of poor cyber planning.
  • The generations that matter
    July 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management
    According to Doros Hadjizenonos, country manager, SADC at Check Point, we have entered the fifth generation of cyberattacks.
  • Online platform for targeted staff recruitment
    July 2018, Technews Publishing, This Week's Editor's Pick, News, Training & Education
    Hi-Tech Security Solutions launches online platform for targeted staff recruitment.
  • How data leaks can be avoided
    July 2018, This Week's Editor's Pick, Cyber Security, News, Security Services & Risk Management
    MyID runs as a service, monitoring your ID number, email address, mobile number and credit card number for fraudulent usage or fraudulent input on the Web.
  • Ring expands to South Africa
    July 2018, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring
    Ring provides complete preventive home security products and solutions which will make it easier for residents to monitor and secure their homes from anywhere.
  • Beyond building security
    July 2018, Johnson Controls, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management
    In Ireland’s smartest building, One Albert Quay, Cork, security and building management technology does more than police perimeters and keep the office at the right temperature.
  • Analyse hours of video in minutes
    July 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring
    BriefCam has taken its unique fusion of Video Synopsis and Deep Learning to the next level with BriefCam v5.
 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa		 Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)		 Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.