Nascondino: Negg S.r.l.

VAT number: 02758100800
Products: "Skygofree" (*unofficial*)
Capabilities: Spyware

Negg, also known as Negg International, is an Italian information technology company.
Negg was founded in 2013. Its flagship product, unofficially named Skygofree, comprised Android and iOS spyware and its C2 infrastructure.

In 2018, Kaspersky discovered the “Skygofree” spyware made by Negg.
The spyware was hosted on unique links with “phishing” pages that resembled a typical ISP page and warned the user that their network connectivity configuration was outdated or broken.[1][2]

The Android spyware required the victim to enable installation of applications from unknown sources, and contained a number of publicly available exploits (CVE-2013-2094, CVE-2013-2595, CVE-2013-6282, CVE-2014-3153, and CVE-2015-3636) for privilege escalation.

The Windows version was written in Python and packed into binary files with the Py2exe tool. This sort of distribution allows Python code to be run in a Windows environment without pre-installed Python binaries, but it also allows the Python source code to be recovered.

Later in 2018, Vice’s Motherboard reported that Kaspersky also found an iOS version of the spyware. It required installation through Apple’s MDM, which can be used to take full control over user devices but is very noticeable.[3][4]

This company is also listed on Surveillance Watch.

External References

  1. securelist.com
  2. forbes.com
  3. vice.com
  4. vice.com