One of the Most Powerful Android Malware with Unprecedented Spying Capabilities Discovered

BY Rajesh Pandey

Published 17 Jan 2018

Malware

Kaspersky Lab researchers have discovered new spyware for Android that offers never-before-seen spying capabilities such as location-based audio recording, stealing WhatsApp messages, and more.

The malware was first created at least three years ago, at the end of 2014, and its sophistication has only grown since then. Over the years, the attackers behind this spyware have added new features to it, like the ability to steal one’s WhatsApp messages through Accessibility Services, connecting the infected device to a Wi-Fi network controlled by cybercriminals, and more.

The attackers behind this spyware have been spreading it to Android devices through web pages that resemble those of mobile operators like Vodafone.

Kaspersky has named the malware “Skygofree.” This sophisticated malware can record conversations when a device enters a particular location specified by the attacker. It also offers sophisticated remote control capabilities like a reverse shell, a keylogger, and even a method for recording Skype conversations.

The Skygofree Android implant is one of the most powerful spyware tools that we have ever seen for this platform. As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, never-before-seen surveillance features such as recording surrounding audio in specified locations.

Looking at the code discovered, Kaspersky researchers speculate that the Skygofree malware was created by an Italian IT company working on surveillance solutions. The long development cycle and continuous enhancements also suggest that the malware is being continuously used by its creators to snoop on unsuspecting Android users. As of now, it is unclear how many Android devices are affected by Skygofree.

[Via Kaspersky]