ngCERT Advisory on SKYGOFREE spyware
Platforms: Android OS; Windows OS and macOS variants also reported
Date: 20 February, 2018
SKYGOFREE is a mobile spyware implant (not an exploit: it is installed as an app and does not rely on a vulnerability) that targets Android devices; Windows and macOS variants have also been reported. The Android implant supports roughly 48 remote commands and can read text messages (SMS) and emails, capture the camera and photo gallery, track GPS location, record voice calls and the audio of surrounding conversations, and otherwise control most functions of an infected device.
Description and Consequences
SKYGOFREE was documented by Kaspersky Lab in January 2018, which attributed it to an Italian company that sells surveillance software; it has been active since at least 2014 and is used for targeted espionage. Separately, a research report released in January 2018 by the cybersecurity firm Lookout and the Electronic Frontier Foundation (EFF) describes Dark Caracal, a Beirut-based hacking group that the report links to the Lebanese government and that has stolen hundreds of gigabytes of data from victims in more than 21 countries using similar Android spyware.
Dark Caracal's Android malware, referred to as Pallas, is distributed as Trojanized copies of legitimate mobile apps: trojanized versions of WhatsApp, Signal, Primo, Threema, Plus Messenger, Psiphon VPN and Orbot (Tor proxy), as well as fake Flash Player updates and fake Google Play Push apps, have been observed. Because these copies are sideloaded rather than installed from Google Play, Pallas relies primarily on the permissions the user grants at installation to reach sensitive data on the infected device, according to the Lookout/EFF report. The practical consequence is that no Android exploit is needed: the victim hands SMS, microphone, camera, location and contacts access to what looks like a familiar messenger.
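Pallas's reliance on installation-time permissions suggests a simple triage check on a suspect device: list the installed packages, where each one was installed from, and which sensitive permissions it holds, then flag sideloaded apps that can read SMS, record audio, use the camera or track location. The Python script below is an added example, not code from the advisory or from the Lookout/EFF report. It parses the text of `adb shell dumpsys package`; a constructed sample in that layout is embedded so it runs offline, and the set of sensitive permissions and the list of trusted installer names are assumptions for the example.

```python
import re
from typing import Dict, List, Optional, Set

# Permissions that give access to the data the trojanised apps target
# (SMS, audio, camera, location, contacts, call logs). The selection is
# an assumption for this example, not a list taken from the advisory.
SENSITIVE_PERMISSIONS: Set[str] = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
}

# Installer package names treated as trusted stores. Assumption: only
# Google Play is trusted here; extend this for an enterprise app store.
TRUSTED_INSTALLERS: Set[str] = {"com.android.vending"}

# Constructed sample in the layout of `adb shell dumpsys package`.
# Package names, paths and permission grants are made up for the example.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.whatsapp] (3f2a1b):
    userId=10201
    codePath=/data/app/~~Ab12/com.whatsapp-1
    installerPackageName=com.android.vending
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=0 installed=true
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true
        android.permission.RECORD_AUDIO: granted=true
  Package [org.thoughtcrime.securesms] (9c8d7e):
    userId=10202
    codePath=/data/app/~~Cd34/org.thoughtcrime.securesms-1
    installerPackageName=
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=0 installed=true
      runtime permissions:
        android.permission.READ_SMS: granted=true
        android.permission.RECORD_AUDIO: granted=true
        android.permission.ACCESS_FINE_LOCATION: granted=true
        android.permission.CAMERA: granted=false
  Package [com.example.flashupdate] (1a2b3c):
    userId=10203
    codePath=/data/app/~~Ef56/com.example.flashupdate-1
    installerPackageName=com.android.packageinstaller
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=0 installed=true
      runtime permissions:
        android.permission.READ_SMS: granted=true
        android.permission.CAMERA: granted=true
"""

PKG_HEADER = re.compile(r"^\s*Package \[([^\]]+)\] \(")
PERM_LINE = re.compile(r"^([\w.]+): granted=(true|false)")


def parse_dumpsys_packages(text: str) -> Dict[str, dict]:
    """Map each package to its installer and the permissions granted to it."""
    pkgs: Dict[str, dict] = {}
    current: Optional[str] = None
    in_perms = False
    for line in text.splitlines():
        header = PKG_HEADER.match(line)
        if header:
            current = header.group(1)
            pkgs[current] = {"installer": None, "granted": set()}
            in_perms = False
            continue
        if current is None:
            continue
        stripped = line.strip()
        if stripped.startswith("installerPackageName="):
            # An empty value means no installer was recorded, i.e. sideloaded.
            value = stripped.split("=", 1)[1]
            pkgs[current]["installer"] = value or None
        elif stripped in ("install permissions:", "runtime permissions:"):
            in_perms = True
        elif in_perms:
            perm = PERM_LINE.match(stripped)
            if perm is None:
                in_perms = False  # left the permission list
            elif perm.group(2) == "true":
                pkgs[current]["granted"].add(perm.group(1))
    return pkgs


def flag_suspicious(pkgs: Dict[str, dict]) -> List[dict]:
    """Return sideloaded packages holding at least one sensitive permission."""
    findings = []
    for name in sorted(pkgs):
        info = pkgs[name]
        sensitive = sorted(info["granted"] & SENSITIVE_PERMISSIONS)
        if sensitive and info["installer"] not in TRUSTED_INSTALLERS:
            findings.append({"package": name, "installer": info["installer"],
                             "permissions": sensitive})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious(parse_dumpsys_packages(SAMPLE_DUMPSYS)):
        print(f"{f['package']} (installer={f['installer']}): "
              + ", ".join(f["permissions"]))
```

On a real device, save `adb shell dumpsys package` to a file and pass its contents to `parse_dumpsys_packages`. The check is a triage aid, not proof of compromise: a genuine Signal APK downloaded from the vendor's site is sideloaded too and will be flagged. Confirm a flagged app by comparing its APK signing certificate (for example with `apksigner verify --print-certs`) against the one the vendor publishes; a trojanized copy cannot carry the vendor's signature.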