Researchers Discover Android Variant of Dreaded iOS Spyware Pegasus

The infamous Pegasus malware, a strain of spyware that is known to target iOS devices, now has a cousin in Chrysaor, an Android variant that can steal data from and compromise devices running the world’s most widely used mobile operating system.

The Android spyware was disclosed by security firm Lookout and Google on Monday. Israeli security firm NSO Group, notable for developing smartphone surveillance backdoors and products, is suspected of devising the spyware.

The Android variant of Pegasus can steal data from messaging apps, listen in on a phone’s microphone and even compromise a phone’s camera, researchers discovered. To avoid suspicion, developers of the malware even devised the mobile exploit to erase itself.

Once installed, the spyware gives a rogue remote operator the means to carry out surveillance of the victim’s activities on the device and within its vicinity. Beyond the microphone and the camera, the spyware also combs for data and logs, and tracks activity in communication apps that handle phone calls and messaging.

Fortunately, according to Google, the spyware never materialized in the mainstream. It was installed fewer than three dozen times on targeted devices, most of which were discovered in Israel. Other compromised devices resided in Mexico, Turkey, Georgia and Kenya, among other countries.

Google developers wrote:

Chrysaor was never available in Google Play and had a very low volume of installs outside of Google Play. Among the over 1.4 billion devices protected by Verify Apps, we observed fewer than 3 dozen installs of Chrysaor on victim devices. 

It is speculated that the malware may have compromised targets’ devices through a phishing attack. The spyware also has the abilities of a typical keylogger program, siphoning data from popular communication apps like Gmail, Facebook and WhatsApp.

Its features, including the self-detonating suicide button, are similar to those found in Pegasus, created by NSO Group Technologies.

“Chrysaor is spyware believed to be created by NSO Group Technologies, specializing in the creation and sale of software and infrastructure for targeted attacks. Chrysaor is believed to be related to the Pegasus spyware that was first identified on iOS and analyzed by Citizen Lab and Lookout,” Google researchers wrote.

Pegasus was labeled the ‘most sophisticated attack’ ever seen on a mobile device by security firm Lookout, at the time. The spyware was discovered when a UAE-based human rights activist’s iPhone was targeted and infected by the spyware. Apple immediately dispatched an unprecedented global iOS update after the discovery of the spyware.
