Nascondino: Negg S.r.l.

VAT number: 02758100800
Products: "Skygofree" (*unofficial*), Vbiss
Capabilities: Spyware

Negg, also known as Negg International, is an Italian information technology company.
Negg was founded in 2013. Its flagship product, unofficially named Skygofree, consisted of Android and iOS spyware and its C2 infrastructure.

In 2018, Kaspersky discovered the “Skygofree” spyware made by Negg.
The spyware was hosted on unique links with “phishing” pages that resembled a typical ISP page and warned the user about network connectivity configuration being outdated or broken.[1][2]

The Android spyware required the victim to enable installation of applications from unknown sources, and contained a number of publicly available exploits (CVE-2013-2094, CVE-2013-2595, CVE-2013-6282, CVE-2014-3153, and CVE-2015-3636) for privilege escalation.

The Windows version was written in Python and packed into binary files with the Py2exe tool. This form of distribution allows Python code to run in a Windows environment without pre-installed Python binaries, but it also allows the Python source code to be recovered.

Later in 2018, Vice’s Motherboard reported that Kaspersky also found an iOS version of the spyware. This version required installation through Apple’s MDM, which can be used to take full control over user devices but is very noticeable.[3][4]

In 2024, Google’s Threat Analysis Group identified Negg Group among commercial surveillance vendors using zero-day exploits targeting Google/Apple devices.[5][14]
That same year, Meta’s Q4 2023 Adversarial Threat Report detailed actions against Negg Group, dismantling fraudulent accounts used to test and deploy spyware on iOS, Android, and Windows, typically targeting victims in Italy and Malaysia.[6][13]
The U.S. State Department also imposed visa restrictions targeting commercial spyware actors, with Google’s TAG specifically identifying Negg as one of the vendors “enabling the proliferation of dangerous tools”.[7]

In 2025, following the termination of Italy’s contract with Paragon Solutions, Negg reportedly replaced Paragon as the Italian government’s spyware provider.[8]
MEPs also questioned EU subsidies going to spyware companies, finding that Negg Group had received an EU grant.[9][10]

This company is also listed on Surveillance Watch.

External References

  1. securelist.com
  2. forbes.com
  3. vice.com
  4. vice.com
  5. bleepingcomputer.com
  6. cyberscoop.com
  7. thehackernews.com
  8. ynetnews.com
  9. theregister.com
  10. ftm.eu
  11. irpimedia.irpi.eu
  12. therecord.media
  13. darkreading.com
  14. Google TAG report (PDF)