Hackers have been setting up fake web pages that mimic wireless service providers’ sites in an effort to get Android smartphone and tablet users to download spyware called Skygofree. The web pages tell users they are downloading a network configuration update that will prevent malfunctions to their Internet connections so they can keep navigating the web at maximum speed.
Skygofree has been around since 2014, but hackers have now developed it into one of the most powerful spyware tools ever seen for the Android platform, according to researchers. Hackers can use it to remotely carry out 48 different commands.
What Hackers Can Do on Infected Devices
Like most spyware, Skygofree allows hackers to capture calls, upload calendar events, steal contacts, and collect other types of data about the devices and their users. However, Skygofree has additional advanced capabilities that make it quite dangerous.
For example, hackers can use Skygofree to steal the files of any app installed on an infected device. Researchers believe that mobile device management (MDM) software is of particular interest to the cybercriminals because the name of the process that captures app files is AndroidMDMSupport. MDM software is used by businesses to secure and control mobile devices.
Cybercriminals can also use the spyware to track an infected device’s location and start recording audio clips when it is in a specific place. For example, hackers might have the device start recording audio clips whenever the device’s owner takes it to work.
Hackers can even connect an infected device to their Wi-Fi networks, regardless of whether the owner disabled Wi-Fi connections on the smartphone or tablet. Once connected, cybercriminals can collect information, such as what websites the owner is visiting and the login credentials being used to access those sites.
To make sure that Skygofree can run uninterrupted, cybercriminals designed it to work around an Android feature that could interfere with the spyware’s operations. Starting with version 8.0, Android automatically disables background processes that are running but idle. To prevent Android from disabling its background processes, Skygofree periodically sends system notifications.
How to Protect Your Business’s Android Devices
Although Skygofree is advanced spyware, some basic preventative measures can protect your business’s Android devices:
- Let employees know that legitimate wireless service providers won’t ask users to manually download and install configuration updates. The updates are automatically sent to users’ devices.
- Make sure that the security software installed on your mobile devices is up-to-date.
- Make sure the devices’ firewalls are configured to block known malicious websites.
We can make sure that all your mobile devices are properly configured and have the latest security software updates.