Menu
Notorious iOS spyware has an Android sibling

Notorious iOS spyware has an Android sibling

The Android variant can steal data from messaging apps, spy from a phone’s camera or microphone, and self-destruct.

IDG

IDG

Security researchers have uncovered the Android version of an iOS spyware known as Pegasus in a case that shows how targeted electronic surveillance can be.

Called Chrysaor, the Android variant can steal data from messaging apps, snoop over a phone’s camera or microphone, and even erase itself.

On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products.

Fortunately, the spyware never hit the mainstream. It was installed less than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices resided in Georgia, Mexico and Turkey, among other countries.

Users were probably tricked into downloading the malicious coding, perhaps though a phishing attack. Once it installs, the spyware can act as keylogger, and steal data from popular apps such as WhatsApp, Facebook and Gmail.

image00 Google

In addition, it possesses a suicide function that’ll activate if it doesn’t detect a mobile country code on the phone -- a sign that the Android OS is running on an emulator.

The surveillance features are similar to those found in Pegasus, which has also been linked with NSO Group.

At the time, Lookout called the spyware the most sophisticated attack it’s ever seen on a device. The iOS variant exploited three previously unknown vulnerabilities to take over a phone and surveil the user.

The spyware was uncovered when a human rights activist in the United Arab Emirates was found infected by it. His phone had received an SMS text message, which contained a malicious link to the spyware.

Apple quickly issued a patch. But Lookout had also been investigating into whether NSO Group developed an Android version. To find out, the security firm compared how the iOS version compromises an iPhone and matched those signatures with suspicious behavior from a select group of Android apps.

Those findings were then shared with Google, which managed to identify who was affected. However, unlike the iOS version, the Android variant doesn’t actually exploit any unknown vulnerabilities. Instead, it taps known flaws in older Android versions.

Chrysaor was never available on Google Play, and the small number of infected devices found suggests that most users will never encounter it, the search giant said.

NSO Group doesn’t maintain a public website, but emails to the company went unanswered.


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments