add Skygofree android spyware

This commit is contained in:
Deborah Servili 2018-08-13 12:20:16 +02:00
parent 27805ca768
commit 56fe9eb63c
No known key found for this signature in database
GPG key ID: 7E3A832850D4D7D1
2 changed files with 23 additions and 4 deletions

View file

@ -4300,9 +4300,19 @@
] ]
}, },
"uuid": "53e2e7e8-70a8-11e8-b0f8-33fcf651adaf" "uuid": "53e2e7e8-70a8-11e8-b0f8-33fcf651adaf"
},
{
"value": "Skygofree",
"description": "At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago at the end of 2014. Since then, the implants functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals. We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active. The activities continue: the most recently observed domain was registered on October 31, 2017. Based on our KSN statistics, there are several infected individuals, exclusively in Italy. Moreover, as we dived deeper into the investigation, we discovered several spyware tools for Windows that form an implant for exfiltrating sensitive data on a targeted machine. The version we found was built at the beginning of 2017, and at the moment we are not sure whether this implant has been used in the wild. We named the malware Skygofree, because we found the word in one of the domains.",
"meta": {
"refs": [
"https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
]
},
"uuid": "3e19d162-9ee1-11e8-b8d7-d32141691f1f"
} }
], ],
"version": 9, "version": 10,
"uuid": "84310ba3-fa6a-44aa-b378-b9e3271c58fa", "uuid": "84310ba3-fa6a-44aa-b378-b9e3271c58fa",
"description": "Android malware galaxy based on multiple open sources.", "description": "Android malware galaxy based on multiple open sources.",
"authors": [ "authors": [

View file

@ -7995,7 +7995,9 @@
".encryptedyourfiles", ".encryptedyourfiles",
".weencedufiles", ".weencedufiles",
".iaufkakfhsaraf", ".iaufkakfhsaraf",
".cifgksaffsfyghd" ".cifgksaffsfyghd",
".iloveworld",
".weapologize"
], ],
"encryption": "AES(256) + RSA(2096)", "encryption": "AES(256) + RSA(2096)",
"ransomnotes": [ "ransomnotes": [
@ -8013,7 +8015,14 @@
"001-READ-FOR-DECRYPT-FILES.html", "001-READ-FOR-DECRYPT-FILES.html",
"READ-READ-READ.html", "READ-READ-READ.html",
"IF_WANT_FILES_BACK_PLS_READ.html", "IF_WANT_FILES_BACK_PLS_READ.html",
"READ_READ_DEC_FILES.html" "READ_READ_DEC_FILES.html",
"HOW_TO_DECRYPT_FILES.html",
"HELP_FOR_DECRYPT_FILE.html",
"I_WILL_HELP_YOU_DECRYPT.html",
"PLEASE_READ_FOR_DECRYPT_FILES.html",
"WE-CAN-HELP-U.html",
"0001-WE-CAN-HELP-U.html",
"SORRY-FOR-FILES.html"
], ],
"refs": [ "refs": [
"https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip", "https://download.bleepingcomputer.com/demonslay335/SamSamStringDecrypter.zip",
@ -10066,7 +10075,7 @@
"source": "Various", "source": "Various",
"uuid": "10cf658b-5d32-4c4b-bb32-61760a640372", "uuid": "10cf658b-5d32-4c4b-bb32-61760a640372",
"name": "Ransomware", "name": "Ransomware",
"version": 26, "version": 27,
"type": "ransomware", "type": "ransomware",
"description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar" "description": "Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml and http://pastebin.com/raw/GHgpWjar"
} }