GOT(IT) #16: Aggressive new Android spyware, LeakedSource founder arrested, plus Gmail users ignore 2FA

We’ve discussed good password practices before, and even if the industry is divided when talking about password managers, we can all agree that 2-Factor-Authentication is a must.

GOT(IT) #16! This year continues to surprise the security industry with the increase in malware complexity. What doesn’t surprise us at all is that, in spite of all the industry’s efforts, users continue to fail when making their accounts secure.

Skygofree: the New Offensive and Tool-Packed Malware


After Pegasus, last year’s hard-hitting espionage Android malware, we didn’t expect to get a new contender that’s actually bigger and meaner: Skygofree. Kaspersky Lab reported its analysis of a tool that’s possibly being distributed by an Italian IT surveillance firm.

Skygofree packs 48 different commands and utilizes five separate exploits to gain root access on Android. The level of espionage tools this malware packs surprised the analysts with features like location-based audio recording, Wi-Fi forced control, and data sniffing that’s as basic as calendar events, and as complicated as Skype recordings.

This implant software is being spread through fake websites that mimic mobile providers and popular portals, like Vodafone Italy. Evidence proved that the tool has been in development since 2015, and these campaigns have been running non-stop since then.


Head of LeakedSource Arrested for Selling Credentials


The Royal Canadian Mounted Police announced this past Monday that a 27-year-old man named Jordan Evan Bloom has been arrested and charged for being the head of

The infamous website is known for collecting and making a profit from about 3 billion ‘stolen’ accounts and credentials, including identity records. The repository itself gives users a chance to check if their accounts have been breached and, in exchange for payment, gives them access to the database.

The ‘small fee’ of $0.76 a day has apparently made about US$200,000 for Bloom, giving out data from the biggest data breaches, like LinkedIn, MySpace, Twitter, and Weebly.

The commercialization of stolen credentials isn’t news at all; what is news is how the site managed to carry out its operations out in the open. It was a matter of international significance, and Canada’s officials managed to carry the investigation forward thanks to global cooperation.

This piece of news, plus the suspicion about Skygofree’s creators, gives a clear look at how active the market for cybercrime is.

It’s reaching a point where most activities are starting to spill out to the public, with government malware purchases, the growing black market of credentials, and the growing number of firms that provide malicious solutions.


Milka: “Only 1 out of 10 Gmail Users Have 2FA ON”

Bad password and credential security gives us headaches, and boy, can this report give the whole IT crowd one.

Grzegorz Milka, Google software engineer, revealed this past Wednesday at Usenix’s Enigma security conference that only 10% of all active Google accounts have set up two-step authentication to secure their Google services.

That’s a staggering 1 out of 10, even with Google’s changes to the interface and the usability options that deliver codes by message, a simple tap-to-login button on your phone, and other methods for confirmation.

With this data at hand, Google started to make some heavy changes to their dodgy-behavior detection. It’s crucial to alert users if something odd’s going on with their account, or their logins.

However, the biggest concern for the industry is the consumer’s perception of the tool. There’s a huge lack of education regarding the risks of not having 2FA enabled, especially since password security as a concept started crumbling in the past years.

2FA came to tackle weak passwords, repetitive patterns, and the typical “one easy password for everything” issue.

What’s more, the increasing number of credential leaks made the matter worse, since attackers can skim through stolen databases and take advantage of repetitive, out-of-date passwords to access a user’s different accounts.


If you haven’t activated 2 Factor Authentication yet, what are you waiting for!? Start with Google & Prey, and double check which of your services offer this possibility.


Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.