Trojans and Malware are not new to Android; they keep attacking the operating system taking advantage of the loophole. However, the Skygofree Android Trojan is very peculiar and something unique. Discovered by Kaspersky, Skygofree can track the location of the device, turn on audio recording, control WiFi networks and can also manage apps like Facebook Messenger, Skype, Viber, and WhatsApp.
It can manually turn on the audio recording that attackers can start listening in on victims depending on the location of the user’s phone. It can control WiFi networks and connect the affected phone or tablet to the Wi-Fi network controlled by the attackers even when the user has disabled all WiFi connections. This means that the hacker or attacker will have complete knowledge of the logins, passwords, card numbers, etc.
Android Oreo and Nougat can automatically stop inactive processes to save battery power, but the trojan can even bypass this by periodically sending system notifications. It can add itself automatically to the list of favorite apps that function when the phone is in standby mode.
It can also monitor popular apps such as Facebook Messenger, Skype, Viber, and WhatsApp. It reads WhatsApp messages through user accessibility Services hiding the request for permission behind some basic request. Surprisingly the trojan can also turn on the front camera and click photo when the user unlocks the device. Other abilities include intercept calls, SMS messages, calendar entries, and other user data.
The malware is said to have been distributed through fake mobile operator websites, where Skygofree is disguised as an update to improve mobile Internet speed. If the user takes the bait, the trojan sets up its camp on the phone and requests further instructions from the command server. As a precaution, it is suggested to install apps and other files from a safe source.