Researchers from Russian cyber security company Kaspersky Lab have found an Android spyware that has the ability to steal WhatsApp messages via Accessibility Services and connect an infected device to Wi-Fi networks controlled by cybercriminals.
Dubbed as "Skygofree", the malware is claimed to have been found on malicious websites in Italy and is most likely an offensive security product sold by an Italy-based IT company that markets various surveillance wares, Kaspersky wrote in its official blog Securelist late on Tuesday.
Kaspersky said that on the basis of the observed samples and the signatures, it found that the early versions of this Android malware were developed by the end of 2014 and the campaign has remained active ever since. According to tech website Arstechnia, the malware has undergone continuous development since its creation with the latest version having 48 different commands.
"High-end mobile malware is very difficult to identify and block and the developers behind "Skygofree" have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion," The Telegraph quoted Alexey Firsh, Malware Analyst at Kaspersky, as saying.
The discovery is concerning because of its ability to record encrypted WhatsApp messages. It is able to do this by tricking an Android feature that was designed to help users with disabilities by making apps more accessible.
The spyware can read messages displayed on the screen through the Android Accessibility feature, including messages a victim sends on WhatsApp, Kaspersky said. The spyware relies on several other exploits to gain privileged root access that allows it to bypass key Android security measures.
"Skygofree" is capable of taking pictures, capturing video and seizing call records, text messages, geolocation data, calendar events and business-related information stored in device memory. It also includes the ability to automatically record conversations and noise when an infected device enters a location specified by the person operating the malware. The spyware also comes with an ability to recording Skype conversations.