The name Pegasus should paint a vivid picture for anyone who has encountered it. This stealthy spyware received notable media attention the first time around, when it targeted Apple products running iOS. The main objective of Pegasus was to jailbreak the device and monitor the victim’s activity.
There is a reason this fictional beast is classified as spyware: it spies on infected users in every way possible. Pegasus was reported to be capable of spying on victims’ calls, reading messages, capturing credentials, gathering information about users’ whereabouts, and tracking activity in a number of popular applications such as WhatsApp and Skype.
Now, security researchers have detected a new version of the spyware. It appears to be based on Pegasus, but the target is different: the Android operating system. This means that millions of users could become victims of the newly detected Chrysaor spyware. Its main goal is identical to that of Pegasus: to spy on users’ every move and hijack cameras, microphones and other sensitive features. However, while Apple was finally able to stop Pegasus from spreading with a patch, a different approach might be necessary this time. It appears that this spyware does not exploit vulnerabilities.
How does this spyware spread, then? The attackers count on users downloading Chrysaor on their own. Chrysaor successfully infected people from all over the world: Israel, Georgia, Mexico, Turkey, Kenya, Kyrgyzstan, Nigeria, Tanzania, UAE, Ukraine and Uzbekistan. After a thorough analysis, it was determined that the scope of infections was not very wide. It appears that approximately 3 dozen Android devices were compromised by Chrysaor.
Chrysaor spied on users by initiating certain procedures. It ran repeated commands, together with data collectors. It made use of Android’s ContentObserver mechanism for tracking. Chrysaor was able to capture users’ credentials through a keylogger feature. After obtaining all of the information it needed, the spyware was able to automatically remove itself from the device. You might assume that this malicious application was downloaded from the Google Play Store, but the store never carried this software. This means that victims found Chrysaor in other sources.
The Android operating system is gradually receiving more attention from hackers. Whether you like it or not, you have to be more careful when choosing applications. Even applications found in the Google Play Store can potentially come after your credentials or attempt to gain certain privileges over your phone. Before downloading an app, always check whether it has been labeled as dangerous.
Source: security.googleblog.com.