Menu
Notorious iOS spyware has an Android sibling

Notorious iOS spyware has an Android sibling

The Android variant can steal data from messaging apps, spy from a phone’s camera or microphone, and self-destruct.

IDG

IDG

Security researchers have uncovered the Android version of an iOS spyware known as Pegasus in a case that shows how targeted electronic surveillance can be.

Called Chrysaor, the Android variant can steal data from messaging apps, snoop over a phone’s camera or microphone, and even erase itself.

On Monday, Google and security firm Lookout disclosed the Android spyware, which they suspect comes from NSO Group, an Israeli security firm known to develop smartphone surveillance products.

Fortunately, the spyware never hit the mainstream. It was installed less than three dozen times on victim devices, most of which were located in Israel, according to Google. Other victim devices resided in Georgia, Mexico and Turkey, among other countries.

Users were probably tricked into downloading the malicious coding, perhaps though a phishing attack. Once it installs, the spyware can act as keylogger, and steal data from popular apps such as WhatsApp, Facebook and Gmail.

image00 Google

In addition, it possesses a suicide function that’ll activate if it doesn’t detect a mobile country code on the phone -- a sign that the Android OS is running on an emulator.

The surveillance features are similar to those found in Pegasus, which has also been linked with NSO Group.

At the time, Lookout called the spyware the most sophisticated attack it’s ever seen on a device. The iOS variant exploited three previously unknown vulnerabilities to take over a phone and surveil the user.

The spyware was uncovered when a human rights activist in the United Arab Emirates was found infected by it. His phone had received an SMS text message, which contained a malicious link to the spyware.

Apple quickly issued a patch. But Lookout had also been investigating into whether NSO Group developed an Android version. To find out, the security firm compared how the iOS version compromises an iPhone and matched those signatures with suspicious behavior from a select group of Android apps.

Those findings were then shared with Google, which managed to identify who was affected. However, unlike the iOS version, the Android variant doesn’t actually exploit any unknown vulnerabilities. Instead, it taps known flaws in older Android versions.

Chrysaor was never available on Google Play, and the small number of infected devices found suggests that most users will never encounter it, the search giant said.

NSO Group doesn’t maintain a public website, but emails to the company went unanswered.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
Show Comments