Menu
Notorious iOS spyware has an Android sibling

Notorious iOS spyware has an Android sibling

The Android variant can steal data from messaging apps, spy from a phone’s camera or microphone, and self-destruct.

IDG

IDG

Security researchers have uncovered the Android version of an iOS spyware known as Pegasus in a case that shows how targeted electronic surveillance can be.

Called Chrysaor, the Android variant can steal data from messaging apps, snoop over a phone’s camera or microphone, and even erase itself.

On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products.

Fortunately, the spyware never hit the mainstream. It was installed less than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices resided in Georgia, Mexico and Turkey, among other countries.

Users were probably tricked into downloading the malicious coding, perhaps though a phishing attack. Once it installs, the spyware can act as keylogger, and steal data from popular apps such as WhatsApp, Facebook and Gmail.

image00 Google

In addition, it possesses a suicide function that’ll activate if it doesn’t detect a mobile country code on the phone -- a sign that the Android OS is running on an emulator.

The surveillance features are similar to those found in Pegasus, which has also been linked with NSO Group.

At the time, Lookout called the spyware the most sophisticated attack it’s ever seen on a device. The iOS variant exploited three previously unknown vulnerabilities to take over a phone and surveil the user.

The spyware was uncovered when a human rights activist in the United Arab Emirates was found infected by it. His phone had received an SMS text message, which contained a malicious link to the spyware.

Apple quickly issued a patch. But Lookout had also been investigating into whether NSO Group developed an Android version. To find out, the security firm compared how the iOS version compromises an iPhone and matched those signatures with suspicious behavior from a select group of Android apps.

Those findings were then shared with Google, which managed to identify who was affected. However, unlike the iOS version, the Android variant doesn’t actually exploit any unknown vulnerabilities. Instead, it taps known flaws in older Android versions.

Chrysaor was never available on Google Play, and the small number of infected devices found suggests that most users will never encounter it, the search giant said.

NSO Group doesn’t maintain a public website, but emails to the company went unanswered.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments