Skygofree is Android spyware that is believed to have been developed in 2014 and used through at least 2017. [1]

ID: S0327
Platforms: Android
Version: 1.2
Created: 17 October 2018
Last Modified: 24 October 2022

Techniques Used

Domain ID Name Use
Mobile T1437 .001 Application Layer Protocol: Web Protocols

Skygofree can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.[1]

Mobile T1429 Audio Capture

Skygofree can record audio via the microphone when an infected device is in a specified location.[1]

Mobile T1407 Download New Code at Runtime

Skygofree can download executable code from the C2 server after the implant starts or after a specific command.[1]

Mobile T1404 Exploitation for Privilege Escalation

Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.[1]

Mobile T1430 Location Tracking

Skygofree can track the device's location.[1]

Mobile T1644 Out of Band Data

Skygofree can be controlled via binary SMS.[1]

Mobile T1409 Stored Application Data

Skygofree has a capability to obtain files from other installed applications.[1]

Mobile T1512 Video Capture

Skygofree can record video or capture photos when an infected device is in a specified location.[1]