Security researchers have come across a fascinating and frightening spyware that has abilities never seen in the wild before now.
The spyware targets Android devices.
And during the investigation, researchers also came across spyware tools designed for Windows machines.
What new Android spyware can do
Kaspersky Lab researchers call the spyware "Skygofree" because they found that word in one of the domains that is distributing the malware. The code has apparently spent several years in development and deployment and now has become very sophisticated.
Key findings include: "The ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals."
In all, researchers say hackers can run 48 different commands on an infected device.
How the Android spyware goes undetected
The spyware most often becomes a hidden app that runs in the background, secretly doing what authors tell it to do.
Interestingly, at least one variant has this invisible self-protection feature only if on a Huawei device. A bill just introduced in Congress would ban the U.S. government from contracting with the Chinese company.
One of those commands, by the way, uses the front facing camera to take a snap shot the next time someone unlocks the device.
How do you end up downloading this spyware? It looks like you get spoofed: "We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants."
Kaspersky researchers also say, "We have found multiple components that form an entire spyware system for the Windows platform."
They detail it all in their very intriguing post on the discovery.
