Researchers at Kaspersky have unearthed what they say is one of the world’s most powerful Android spyware tools – and it’s making waves in Italy where some believe it was authored.
According to Kaspersky, the spyware tool enables attackers to crack Android devices and exfiltrate WhatsApp messages.
The tool dates back to 2014. It’s able to capture audio from a smartphone’s microphone when the device is in a certain location, and attackers can also force infected devices to surreptitiously connect to particular WiFi networks to enable even more data slurping.
The app can get access to encrypted WhatsApp messages, thanks to a Google accessibility service, too. “The payload uses the Android Accessibility Service to get information directly from the displayed elements on the screen, so it waits for the targeted application to be launched and then parses all nodes to find text messages,” said Kaspersky.
“Essentially, Accessibility Services provide a nice route into other applications as they have permission to do so, via an application programming interface (API).”
Although Kaspersky has refrained from laying blame, researchers did find links to Rome-based technology company Negg, one of a nest of software vendors in Italy that specialise in legal hacking tools, the most high-profile of which was Hacking Team.
Archived copies of Negg’s website provide further insight into its alleged links to the spyware, according to Forbes. They suggest that the company offered cyber security and app development services.
While this information doesn’t point to surveillance tools, the company has developed its own forensics offerings in the past. It’s used these capabilities to collect evidence from computers.
And, according to Forbes, two years ago the company was on the lookout for Android and iOS software engineers. It needed a candidate who had “knowledge of the techniques of dynamic and static analysis of malware”.
Insiders claim that Negg has worked with the Italian authorities more recently. The researchers said: “They’re working with the police now, I presume filling the gap left behind by Hacking Team at this point.”
These claims are congruent with Kaspersky’s research, which suggests that the tool originates from Italy. Dubbed ‘Skygofree’ by Kaspersky, the company said it’s one of the most powerful examples of Android spyware it’s ever come across.
“As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, [and] never-before-seen surveillance features,” claimed the company when it released its research today.