Kaspersky Lab has recently discovered a new Android malware belonging, specifically, to the category of Trojans. The new suspect bears the name of Skygofree and is the result of an all-Italian “production”.

There are many functions that characterize Skygofree, some of which are not easy to find in other malware, for example, it can track the location of a device on which it is installed and activate audio recording when the owner of the device is in a certain location. A real spy that allows cyber criminals to listen in on what’s going on in the victim’s office and/or home. Another peculiar aspect of Skygofree concerns the possibility to connect the infected smartphone or tablet to a Wi-Fi network controlled by cyber criminals even when the owner has deactivated the connection on the device: this allows criminals to get hold of information such as the last sites visited by the victim as well as his login credentials, passwords and credit card numbers. Then there are a couple of features that allow the malware to operate in standby mode overcoming obstacles such as automatically stopping certain processes in order to save battery. There is no shortage of possibilities for Skygofree to monitor popular apps such as Facebook Messenger, Skype, Viber and WhatsApp. Last, but not least, is Skygofree’s ability to secretly activate the front-facing camera and take a picture of the user when they unlock their device.

The Kaspersky Lab team lets it be known that the discovery of Skygofree dates back to the end of 2017, but it seems that the malware was in action as early as 2014. Skygofree spreads via fake mobile phone company websites that promise, through an update, the ability to increase the Internet speed on your phone. So far, the detected infections only affect our country, but this does not mean that users from other countries should let their guard down, as cyber criminals can decide to change their target at any time. Therefore, the usual advice to protect yourself properly is provided:

  1. install apps only from official stores;
  2. watch out for misspellings in app names and check the number of downloads if they are small and require suspicious permissions;
  3. install a safety solution!

Sara Avanzi