A newly discovered variety of Android malware that Kaspersky Lab calls “one of the most powerful spyware tools that we have ever seen for this platform” can surreptitiously record audio when a device enters locations attackers choose, the security company warns.
Attackers using the tool, which Kaspersky calls Skygofree, can also remotely command the malware to extract files, connect to Wi-Fi networks under their control, snap photos, and copy WhatsApp messages. So far, the malware, which may be distributed through bogus mobile carrier websites, has been spotted in the wild exclusively in Italy.
“Given the many artifacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam,” according to a Kaspersky blog post.
HackingTeam is a controversial Italian company that reportedly sold surveillance tools to governments around the world, from Azerbaijan and Russia to Colombia and the United States. Recently, governments around the world have been caught deploying similar sorts of spyware to monitor activists and dissidents.
Kaspersky has detected fewer than 10 victims so far, the company tells Fast Company. Chrysaor, an Android spyware tool used in targeted attacks reported last year—reportedly manufactured by Israeli cyberdefense firm NSO Group—was found on under 36 Android devices, Google reported at the time.
“The spoofed pages were available worldwide, but we observed only pages in Italian so the target of these attacks were Italian-[speaking] people,” Kaspersky tells Fast Company. The firm advises users to be wary of unknown links and to run anti-malware tools to detect any attacks.
The U.S. Department of Homeland Security banned federal agencies from using Kaspersky Lab products in September, pointing to potential risks of working with the Russia-based firm. The company has repeatedly denied any links with the Russian government, says it plans to challenge the DHS ban, and has announced a transparency review. SM