Trusted Design

Skygofree: Following in the footsteps of HackingTeam

概要

At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – at the end of 2014. Since then, the implant’s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals.

Created: 2026-02-23

Indicators

• URL - http://h3g.mobi/ -
• domain - h3g.co -
• URL - http://vodafone.press/ -
• domain - h3g.mobi -
• domain - tre.support -
• URL - http://JRO03C.JP -
• URL - http://timbox.info/ -
• FileHash-MD5 - 708445b8d358c254e861effffd4f819b -
• FileHash-MD5 - e12b9af5df1c638ef5a099961ffbe344 -
• URL - http://155wind.mobi/ -
• FileHash-MD5 - 2c21f61a8df19d07fd0f42b631151517 -
• hostname - skygofree.sytes.net -
• FileHash-MD5 - 16311b16fd48c1c87c6476a455093e7a -
• URL - http://119.business/ -
• URL - http://tre.support/ -
• domain - timbox.info -
• domain - voda.mobi -
• FileHash-MD5 - f673bb1d519138ced7659484c0b66c5b -
• FileHash-MD5 - e2d6f1263000086e3146d5b5a3b78038 -
• domain - 119.network -
• FileHash-MD5 - ce241b48377ca216d8f2017991c1cef0 -
• domain - 155wind.mobi -
• FileHash-MD5 - d3baa45ed342fbc5a56d974d36d5f73f -
• FileHash-MD5 - 0be2b5394dafb76efc54bd6113ac8689 -
• URL - http://voda.mobi/ -
• URL - http://negg2.ddns.net/ -
• FileHash-MD5 - d9c7349e807e0f12eaa67b2de522954f -
• FileHash-MD5 - 6bcc3559d7405f25ea403317353d905f -
• FileHash-MD5 - 7e6cb66a3623258444639d1fc2fd533f -
• URL - http://119.network/ -
• FileHash-MD5 - 3f0e8a3ad9fab04377b8e9a57a26f972 -
• FileHash-MD5 - 55fb01048b6287eadcbd9a0f86d21adf -
• FileHash-MD5 - a2a8e8ac6f5fa5801395252e11afb356 -
• URL - http://kenamobile.mobi/ -
• domain - 119.business -
• URL - http://negg.ddns.net/ -
• URL - http://skygofree.sytes.net/ -
• FileHash-MD5 - a287a434a0d40833d3ebf5808950b858 -
• FileHash-MD5 - c091489a82263899d02b363b289a37f6 -
• URL - http://wind.support/ -
• domain - h3g.info -
• FileHash-MD5 - d574d0049f797611589803643a8aa3c3 -
• hostname - negg.ddns.net -
• FileHash-MD5 - 395f9f87df728134b5e3c1ca4d48e9fa -
• domain - lycamobile.mobi -
• URL - http://postemobile.help/ -
• FileHash-MD5 - 6964866106c0a353a7b91b580933c5d6 -
• domain - kenamobile.mobi -
• URL - http://url.plus/ -
• hostname - negg2.ddns.net -
• URL - http://digimobil.mobi/ -
• domain - digimobil.mobi -
• URL - http://negg1.ddns.net/ -
• domain - url.plus -
• FileHash-MD5 - 90f26adb324a8b36d2cafdd755aa1e61 -
• URL - http://h3g.co/ -
• hostname - vodafoneinfinity.sytes.net -
• FileHash-MD5 - d99a3c4348c88cdfa59e90d1b3b94fc3 -
• URL - http://windupdate.serveftp.com/ -
• domain - vodafone.press -
• FileHash-MD5 - 0bc28ac5f2cadd524e7f443e06ad2a2b -
• URL - http://vodafoneinfinity.sytes.net/ -
• FileHash-MD5 - 70a937b2504b3ad6c623581424c7e53d -
• URL - http://lycamobile.mobi/ -
• URL - http://h3g.info/ -
• domain - postemobile.help -
• domain - 190.network -
• domain - wind.support -
• hostname - negg1.ddns.net -
• FileHash-MD5 - 39fca709b416d8da592de3a3f714dce8 -
• URL - http://negg.ddns.net/app/srv/register.php -
• FileHash-MD5 - 4f76bdfc40529984bf8e8a05d665cef8 -
• FileHash-MD5 - 6414f4bfbdd08d70c40b107e86276dbb -
• URL - http://190.network/ -
• hostname - windupdate.serveftp.com -

類似Pulses

• BusyGasper – the unfriendly spy (score: 0.64)
• Ratcheting Down on JSocket: A PC and Android Threat (score: 0.63)
• Group 123 (update June 4th 2018) (score: 0.61)
• Exaspy – Commodity Android Spyware Targeting High-level Executives (score: 0.61)
• Who’s who in the Zoo (score: 0.60)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る