First posted on 26 January 2018.
Source: Microsoft

Aliases :

There are no other names known for Trojan:AndroidOS/Skygofree.

Explanation :

This threat is a trojan that comes in the form of Android spyware, which gives the malicious hacker or cybercriminals full remote access to your mobile device. It uses techniques previously unseen in the wild to record the activity of WhatsApp users.

Cybercriminals can control your device and run various commands remotely, such as taking pictures, recording audio when you are at a particular location, spying on messages through the Accessibility Services, and even connecting infected devices to Wi-Fi networks controlled by cybercriminals.


Connects to a remote host

We have seen this threat connect to a remote host, including the following C2 servers:

  • negg1.ddns.net
  • url.plus

The malware connects to a remote host to allow backdoor access to and control of your mobile device, and to send stolen information from it to the malicious hacker or cybercriminal.

Allows backdoor access and control

This threat can give a malicious hacker access to and control of your device. They can then perform a number of different actions, such as:

  • Downloading and uploading files
  • Enumerating running processes
  • Executing arbitrary commands
  • Gathering system information such as IP address and computer name
  • Changing some of your device settings

This analysis was published using files with the following SHA256 hashes:


Last update 26 January 2018