Skygofree is Android spyware that is believed to have been developed in 2014 and used through at least 2017. [1]

ID: S0327
Platforms: Android

Version: 1.1

Techniques Used

MobileT1409Access Sensitive Data or Credentials in FilesSkygofree has a capability to obtain files from other installed applications.[1]
MobileT1438Alternate Network MediumsSkygofree can be controlled via binary SMS.[1]
MobileT1407Download New Code at RuntimeSkygofree can download executable code from the C2 server after the implant starts or after a specific command.[1]
MobileT1404Exploit OS VulnerabilitySkygofree has the capability to exploit several known vulnerabilities and escalate privileges.[1]
MobileT1429Microphone or Camera RecordingsSkygofree can record audio via the microphone when an infected device is in a specified location as well as record a video or capture a photo.[1]
MobileT1437Standard Application Layer ProtocolSkygofree can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.[1]