S0327 Skygofree
Skygofree is Android spyware that is believed to have been developed in 2014 and used through at least 2017. [1]

| Item | Value |
|---|---|
| ID | S0327 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.2 |
| Created | 17 October 2018 |
| Last Modified | 24 October 2022 |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1437 | Application Layer Protocol | - |
| mobile | T1437.001 | Web Protocols | Skygofree can be controlled via HTTP, XMPP, Firebase Cloud Messaging, or Google Cloud Messaging in older versions. [1] |
| mobile | T1429 | Audio Capture | Skygofree can record audio via the microphone when an infected device is in a specified location. [1] |
| mobile | T1407 | Download New Code at Runtime | Skygofree can download executable code from the C2 server after the implant starts or after a specific command. [1] |
| mobile | T1404 | Exploitation for Privilege Escalation | Skygofree has the capability to exploit several known vulnerabilities and escalate privileges. [1] |
| mobile | T1430 | Location Tracking | Skygofree can track the device's location. [1] |
| mobile | T1644 | Out of Band Data | Skygofree can be controlled via binary SMS. [1] |
| mobile | T1409 | Stored Application Data | Skygofree has a capability to obtain files from other installed applications. [1] |
| mobile | T1512 | Video Capture | Skygofree can record video or capture photos when an infected device is in a specified location. [1] |