Skygofree is Android spyware that is believed to have been developed in 2014 and used through at least 2017. [1]

ID: S0327
Platforms: Android
Version: 1.2
Created: 17 October 2018
Last Modified: 15 October 2019

Techniques Used

Domain ID Name Use
Mobile T1409 Access Stored Application Data

Skygofree has a capability to obtain files from other installed applications.[1]

Mobile T1438 Alternate Network Mediums

Skygofree can be controlled via binary SMS.[1]

Mobile T1429 Capture Audio

Skygofree can record audio via the microphone when an infected device is in a specified location.[1]

Mobile T1512 Capture Camera

Skygofree can record video or capture photos when an infected device is in a specified location.[1]

Mobile T1407 Download New Code at Runtime

Skygofree can download executable code from the C2 server after the implant starts or after a specific command.[1]

Mobile T1404 Exploit OS Vulnerability

Skygofree has the capability to exploit several known vulnerabilities and escalate privileges.[1]

Mobile T1430 Location Tracking

Skygofree can track the device's location.[1]

Mobile T1437 Standard Application Layer Protocol

Skygofree can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.[1]