SkyGoFree Trojan

SkyGoFree is a trojan that targets the Android operating system and has the capability to allow a remote attacker to gain full control of infected devices.

SkyGoFree is delivered through fake mobile carrier websites, where it is disguised as a system update. When launched by the user it removes its own icon, to appear as though the update has finished, but continues running in the background. It then attempts to gain root access to the infected device. SkyGoFree can also record audio, connect to hostile WiFi networks, steal WhatsApp messages and install additional malware.

Many of the web landing pages used to spread the Android implants mimic the sites of mobile operators. These domains have been registered by the attackers since 2015.

After downloading and unpacking, the main module executes the exploit binary file. Once executed, the module attempts to get root privileges on the device by exploiting the following vulnerabilities:

CVE-2013-2094
CVE-2013-2595
CVE-2013-6282
CVE-2014-3153 (futex aka TowelRoot)
CVE-2015-3636

URLs to block to prevent this from being downloaded (do not visit the following URLs):

http://217.194.13.133/tre/internet/Configuratore_3.apk

http://217.194.13.133/tre/internet/

http://217.194.13.133/190/configurazione/vodafone/smartphone/VODAFONE%20Configuratore%20v5_4_2.apk

http://217.194.13.133/190/configurazione/vodafone/smartphone/Vodafone%20Configuratore.apk

http://217.194.13.133/190/configurazione/vodafone/smartphone/index.html
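
As an added example (not part of the original post), the URLs listed above can be turned into a check over web proxy logs that survives percent-encoding and case differences. The log layout, function names and sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Indicators taken from the URL list above: one host and the path prefixes it served.
SKYGOFREE_HOST = "217.194.13.133"
SKYGOFREE_PATH_PREFIXES = (
    "/tre/internet/",
    "/190/configurazione/vodafone/smartphone/",
)

def normalize(url):
    """Return (host, decoded lower-case path) so %20 and case variants compare equal."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    # Lower-casing the path is deliberately lenient: this is detection, not routing.
    path = unquote(parts.path).lower() or "/"
    return host, path

def classify(url):
    """Return 'apk-download', 'landing-page', 'host-contact' or None for a requested URL."""
    host, path = normalize(url)
    if host != SKYGOFREE_HOST:
        return None
    if any(path.startswith(prefix) for prefix in SKYGOFREE_PATH_PREFIXES):
        return "apk-download" if path.endswith(".apk") else "landing-page"
    return "host-contact"  # same server, path not in the published list

def scan_proxy_log(lines):
    """Return (client, url, verdict) hits; assumed layout: 'timestamp client method url status'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        client, url = fields[1], fields[3]
        verdict = classify(url)
        if verdict:
            hits.append((client, url, verdict))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2018-01-20T10:01:02Z 10.0.0.15 GET http://217.194.13.133/tre/internet/ 200",
    "2018-01-20T10:01:09Z 10.0.0.15 GET http://217.194.13.133/tre/internet/Configuratore_3.apk 200",
    "2018-01-20T10:03:44Z 10.0.0.22 GET http://217.194.13.133/190/configurazione/vodafone/smartphone/VODAFONE%20Configuratore%20v5_4_2.apk 200",
    "2018-01-20T10:05:00Z 10.0.0.30 GET http://example.com/index.html 200",
]
```

A client that shows a `landing-page` hit followed by an `apk-download` hit is the one to prioritise for device inspection.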

Affected Platforms

Google Android – All versions




Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
