Sophisticated Spyware

Viewing 3 posts - 1 through 3 (of 3 total)
  • #15763
    Ed P
    Participant
      @edps
      Forumite Points: 39

      Unfortunately the Grey-hats are at it again with a suite of Android spyware that turns an Android into a remote listening device and performs other equally intrusive actions. Although this is probably targeted at the Italian Mafia, I really wonder at the wisdom of this race to the bottom that Government and Pseudo-Government organisations indulge in.

      CSO link

      #15766
      Richard
      Participant
        @sawboman
        Forumite Points: 16

        There was a good write-up on The Register http://www.theregister.co.uk/2018/01/16/skygofree_android_spyware/ and a link to this explanation https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/

        It appears to have made extensive use of tools created by others and put out more or less publicly, and to be targeting Italian activities. The source of the nasty appears to be user carelessness in selecting the wrong website and then agreeing to install the initial form. However, as a non-user of Italian resources, or WhatsApp or Facebook for that matter, I can feel more sanguine about the affair. The fact that it turns on some features based on geographic location suggests a desire not to overload its inbound servers with excess crap. To that point it appears quite well thought out. Apparently Kaspersky Lab have identified the item and tracked it back for close on 4 years. If it is targeting the Mafia I do not have any sympathy with the targets; some write-ups suggested other money-related or industrial targets, but I saw no details of the geofencing locations to allow possible targets to be identified.

         

        #15775
        Richard
        Participant
          @sawboman
          Forumite Points: 16

          While not quite the same level of secrecy, a new Mirai ‘Okiru’ botnet which targets billions of ARC-based IoT devices could well be more destructive as it appears far from narrowly targeted. Essentially, if you have an IoT thing of the target type you are at risk. The rest of us become collateral damage.
