Skygofree is Android spyware that is believed to have been developed in 2014 and used through at least 2017. [1]

ID: S0327
Platforms: Android
Version: 1.1

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1409 | Access Sensitive Data or Credentials in Files | Skygofree has a capability to obtain files from other installed applications. [1] |
| Mobile | T1438 | Alternate Network Mediums | Skygofree can be controlled via binary SMS. [1] |
| Mobile | T1407 | Download New Code at Runtime | Skygofree can download executable code from the C2 server after the implant starts or after a specific command. [1] |
| Mobile | T1404 | Exploit OS Vulnerability | Skygofree has the capability to exploit several known vulnerabilities and escalate privileges. [1] |
| Mobile | T1429 | Microphone or Camera Recordings | Skygofree can record audio via the microphone when an infected device is in a specified location as well as record a video or capture a photo. [1] |
| Mobile | T1437 | Standard Application Layer Protocol | Skygofree can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions. [1] |