• Home
  • Apps
  • Apps News
  • Google, Lookout Detail 'Chrysaor' Android Malware, Related to Pegasus iOS Malware

Google, Lookout Detail 'Chrysaor' Android Malware, Related to Pegasus iOS Malware

Google, Lookout Detail 'Chrysaor' Android Malware, Related to Pegasus iOS Malware
Highlights
  • Infected apps were never made available through Google Plays
  • Chrysaor doesn't make use of zero-day vulnerabilities
  • New malware believed to be related to Pegasus
Advertisement

Researchers at Google and mobile security firm Lookout have now discovered that infamous iOS spyware Pegasus, which was described as sophisticated and discovered last year, has now turned up on Android in the form of 'Chrysaor'. Notably, the advanced form of malware can potentially give remote control of the device to the exploiter and even deletes itself, remove all traces.

Before you start getting uneasy, Google has clarified that the infected apps that carried the malware were never made available through Google Play store. Further, Google said that it tried to find the scope of Chrysaor by using Verify Apps, only to find that it had low volumes of installs outside Google Play. As per search giant, Israel-based NSO Group Technologies, which was behind the Pegasus malware is believed to be behind Chrysaor as well.

"Late last year, after receiving a list of suspicious package names from Lookout, we discovered that a few dozen Android devices may have installed an application related to Pegasus, which we named Chrysaor," Google said in a post. "Among the over 1.4 billion devices protected by Verify Apps, we observed fewer than 3 dozen installs of Chrysaor on victim devices," it added.

As per the search giant, the Chrysaor malware has been targeted at devices running Android 4.3 Jelly Bean or earlier versions.

Some of the spying functionalities in the Chrysaor malware include keylogging, screenshot capture, Live audio capture, remote control of the malware via SMS, browser history exfiltration, email exfiltration from Android's native email client, contacts and text message, as per Lookout. It also enables messaging data exfiltration from common applications including WhatsApp, Skype, Facebook, Twitter, Viber, Kakao.

The Chrysaor malware self destructs itself when it finds its position in danger and meets certain conditions, Lookout points out. "It's clear that this malware was built to be stealthy, targeted, and is very sophisticated," Lookout said in its post regarding the malware.

The most notable difference between Chrysaor on Android and Pegasus on iOS is that the former doesn't use zero-day vulnerabilities to root the device. Chrysaor instead uses a well-known rooting technique called Framaroot.

"In the case of Pegasus for iOS, if the zero-day attack execution failed to jailbreak the device, the attack sequence failed overall. In the Android version, however, the attackers built in functionality that would allow Pegasus for Android to still ask for permissions that would then allow it to access and exfiltrate data. The failsafe jumps into action if the initial attempt to root the device fails," Lookout said.

As the Chrysaor malware has not been distributed at large scale, majority of Android devices are out of danger but we would like to warn our readers who are using Android not to install apps from unverified sources in order to keep their devices secure

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Apple Music 2.0 for Android Finally Brings Features From iOS 10 Revamp
NASA's Cassini Probe Set to End 20-Year Journey
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »