Ever powerful Skygofree Android malware

January 18, 2018

Since it started researchers considered the malware-spyware as the most advanced mobile implants they have ever witnessed, because it is spread through fake websites impersonating famous and leading mobile network providers. Unknown and untrusted mobile app stores which do not redirect downloads back to Playstore can also get an unsuspecting user to self-implant the android malware spyware into the mobile device through application installation.


Payload of the Malware:

SkygoFree is overflowing with functions in a sense that it is on a new level sophistication in which the researchers haven’t encountered in other malware as a whole. The payload can trace the location of a device it is currently on and it can activate the audio recording when the victim is in a certain place, for example a bank or ATM machine.

It can also steal and find your messages in WhatsApp through accessibility services.

It is also noted that it can command an infected android device to connect to Wi-Fi to conduct traffic sniffing and man-in-the-middle activities.

The malware can take collect call recordings only if the owner/user has the habit of recording calls. Surprisingly it can even take pictures, videos, send over SMS, read and copy the calendar events and business-related data stored in the infected device.


Stealthy Injection

After installing the app, the implant starts. The commands will exploit the root access aka Admin privilege of the Android device which is similar to rooting your own phone, however in this case the malware only has the root access to conduct its functions.

Even if a user will turn off the screen of the phone, the android malware will continue functioning to its full power, because it will bypass the battery saving feature of the phone and whitelist itself so that it can still continue sniffing out information when the screen is turned off.


So far where is the malware based?

It is believed that the origin of the attackers are from Italy, or anywhere near Italy within Europe. I had a personal experience that one of my Steam Accounts for gaming was being hacked and was able to trace the attacker in France.

Researchers say that they found modules of the malware for Windows which is not surprising, because a lot of users are on that platform where it is profitable for criminals.



This sniffing attack could do a lot more badly than phishing attacks, because of the information that it can collect stealthily without the victims’ knowledge or idea. Often times users are targeted by the hackers, but the information being sniffed is just relentless and knows no bounds, that even a person’s privacy is obviously invaded once the payload kicks off.

The criminals can effortlessly steal a victim’s identity which is severely dangerous.



Avoid clicking URLs in emails from unknown sources, or even from known sources that you know you have no business of.

Stay away from shady 3rd party app stores. Stick to your default app store provider on your device.

If you don’t know what you are doing, do not attempt to grant yourself root access.

Corporations should protect their intellectual property from being abused by 3rd party Application sources by monitoring which mobile app stores are not redirecting the application installer back to Google Playstore and Apple Appstore.

Suspicious applications from unknown sources using the name of known business which affects trademark should be taken down to avoid defamation and negative publicity from the public users.

About the author

Leave a Reply