ATT&CK v16 has been released! Check out the blog post for more information.

Skygofree

Skygofree is Android spyware that is believed to have been developed in 2014 and used through at least 2017. ^[1]

ID: S0327

ⓘ

Type: MALWARE

ⓘ

Platforms: Android

Version: 1.2

Created: 17 October 2018

Last Modified: 24 October 2022

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Mobile	T1437	.001	Application Layer Protocol: Web Protocols	Skygofree can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.^[1]
Mobile	T1429		Audio Capture	Skygofree can record audio via the microphone when an infected device is in a specified location.^[1]
Mobile	T1407		Download New Code at Runtime	Skygofree can download executable code from the C2 server after the implant starts or after a specific command.^[1]
Mobile	T1404		Exploitation for Privilege Escalation	Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.^[1]
Mobile	T1430		Location Tracking	Skygofree can track the device's location.^[1]
Mobile	T1644		Out of Band Data	Skygofree can be controlled via binary SMS.^[1]
Mobile	T1409		Stored Application Data	Skygofree has a capability to obtain files from other installed applications.^[1]
Mobile	T1512		Video Capture	Skygofree can record video or capture photos when an infected device is in a specified location.^[1]

References

Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.