Security researchers from Kaspersky Lab have discovered a new and powerful strain of Android spyware that they believe was created by an Italian IT company which they suspect is active in the surveillance software market.

Researchers named this new spyware Skygofree based on some of the domain names used in its infrastructure. They traced evidence of Skygofree’s activity back to 2014, but they said the malware was most active in 2016.

Skygofree used in Italy alone

All distribution campaigns they uncovered targeted Italian users only, and, based on Kaspersky statistics, only Italian users appear to have been infected.

Researchers also said the spyware’s code contained multiple strings and comments written in Italian, which suggests the spyware was purposely developed to target Italian users only.

Kaspersky said it encountered many “negg” strings and artifacts in the Skygofree campaigns. Negg International is the name of an Italian IT software company that advertises a wide range of services, including in cyber-security and mobile and web app development.

While Kaspersky has not officially pegged Negg as Skygofree’s author, all evidence hints at this conclusion. Bleeping Computer has reached out to the company for clarification.

It may very well be true that Kaspersky has uncovered a cyber-tool that Negg might have developed for Italian law enforcement to help them catch suspects in official investigations. In the infosec community, such tools are called “lawful intercept” or “lawful surveillance” solutions. Skygofree’s small number of infections and limited use only inside Italy’s borders suggests…