According to the FBR, as per recommendations from Cabinet Secretariat, Cabinet Division, and National Telecom & Information Technology Security Board (NTISB-II) via their advisories, all employees of FBR should be informed regarding the serious risks posed by a new Android spyware 'skygofree' that provides hackers full control of infected devices remotely. The utilization of hacked websites for the generation of crypto-currencies will earn money. A malicious email titled 'Promotion List' containing malware that affects computer systems.
The FBR said that a new Android spyware 'skygofree' has been found that provides hackers full control of infected devices remotely. Skygofree is capable of taking pictures, capturing video, and seizing call records, text messages, geo-location data, calendar events, and business-related information stored in device memory.
Recently, malware writers are utilizing hacked websites for the generation of crypto-currencies to earn money. Hackers, embed malicious scripts into the compromised website so that they can make use of visiting user's CPU resources to mine crypto currency.
The FBR said that a malicious email titled as 'Promotion List' is being sent to officers and staff of government departments. The email contains a malicious doc file. Downloading and opening the file executes malware in the background that results in hacking of the computer. Some of the precautionary measures and recommendations to prevent these security risks are listed below:
FBR IT Security Policy must be strictly followed. Do not download attachments from emails and messengers unless sure about the source, the FBR directed its officials. Use of official email is recommended, the FBR directed. The FBR has asked its officials to maintain regular offline backups or centralized offline back of their critical data. The use of third party antivirus is strictly prohibited. Only PRAL approved licensed antivirus software must be installed on desktops.
Do not click on unknown hyperlinks to restrict the advisory from getting the location, the FBR directed its officials. Regularly update mobile and desktop operating systems. Update all third party applications, software and hardware with the latest patches. The FBR directed the field formations to enable Google Play Protect security feature on the android device. This feature will remove (uninstall) malicious apps from user's Android smartphone to prevent further harm.
Contact your local PRAL technical support team for any assistance, the FBR directed its officials. In case of infection/compromise in computer system by phone or other media, please disconnect the computer from internet and immediately contact PRAL Support Team, the FBR added.