April 4, 2017

Researchers Discover Android Variant of Dreaded iOS Spyware Pegasus

The infamous Pegasus malware, a strain of spyware known to target iOS devices, now has a cousin in Chrysaor, an Android variant that can steal data from and compromise devices running the world’s most widely used mobile operating system.

The Android spyware was disclosed by security firm Lookout and Google on Monday. Israeli security firm NSO Group, notable for developing smartphone surveillance backdoors and products, is suspected of devising the spyware.

The Android variant of Pegasus can steal data from messaging apps, listen in on a phone’s microphone and even compromise a phone’s camera, researchers discovered. To avoid suspicion, developers of the malware even devised the mobile exploit to erase itself.

Once the spyware is installed, a rogue remote operator gains the means to carry out surveillance of the victim’s activities on the device and within its vicinity. Beyond the microphone and the camera, the spyware also combs for data and logs, and tracks activity in communication apps used for phone calls and messaging.

Fortunately, according to Google, the spyware never did materialize in the mainstream. It was installed fewer than three dozen times on targeted devices, and most of the victim devices were discovered in Israel. Other compromised devices resided in Mexico, Turkey, Georgia and Kenya, among other countries.

Google developers wrote:

Chrysaor was never available in Google Play and had a very low volume of installs outside of Google Play. Among the over 1.4 billion devices protected by Verify Apps, we observed fewer than 3 dozen installs of Chrysaor on victim devices. 

It is speculated that the malware may have compromised targets’ devices through a phishing attack. The spyware also has the abilities of a typical keylogger program, siphoning data from popular communication apps like Gmail, Facebook and WhatsApp.

Its features, including the self-detonating suicide button, are similar to those found in Pegasus, created by NSO Group Technologies.

“Chrysaor is spyware believed to be created by NSO Group Technologies, specializing in the creation and sale of software and infrastructure for targeted attacks. Chrysaor is believed to be related to the Pegasus spyware that was first identified on iOS and analyzed by Citizen Lab and Lookout,” Google researchers wrote.

Pegasus was labeled the ‘most sophisticated attack’ ever seen on a mobile device by security firm Lookout, at the time. The spyware was discovered when a UAE-based human rights activist’s iPhone was targeted and infected by the spyware. Apple immediately dispatched an unprecedented global iOS update after the discovery of the spyware.


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
