Skygofree

Skygofree is Android spyware that is believed to have been developed in 2014 and used through at least 2017. [1]

ID: S0327
Type: MALWARE
Platforms: Android
Version: 1.1

Techniques Used

| Domain | ID | Name | Use |
|--------|----|------|-----|
| Mobile | T1409 | Access Sensitive Data or Credentials in Files | Skygofree has a capability to obtain files from other installed applications.[1] |
| Mobile | T1438 | Alternate Network Mediums | Skygofree can be controlled via binary SMS.[1] |
| Mobile | T1407 | Download New Code at Runtime | Skygofree can download executable code from the C2 server after the implant starts or after a specific command.[1] |
| Mobile | T1404 | Exploit OS Vulnerability | Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.[1] |
| Mobile | T1429 | Microphone or Camera Recordings | Skygofree can record audio via the microphone when an infected device is in a specified location as well as record a video or capture a photo.[1] |
| Mobile | T1437 | Standard Application Layer Protocol | Skygofree can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.[1] |

References