Mobile & Gadgets

Advanced Android spyware found by Google after bypassing security for 3 years

Google has detected Chrysaor, the Android version of the infamous Pegasus iOS spyware. It is believed to have been infecting devices for three years while avoiding detection, the company wrote on its blog. Infection was caused by installation of an app from a third-party store; Google Play did not have infected applications for download.

Pegasus, the most advanced surveillance tool sold by NSO Group, exploited three unpatched zero-day vulnerabilities in iOS and was detected last August when it targeted Mexican journalist and UAE activist Rafael Cabrera.

Chrysaor shares many of Pegasus’ features, but comes with added specs; it collects all data associated with SMS settings, SMS messages, call logs, browser history, calendar, contacts, emails, and messages from messaging apps and social networks, captures screenshots, answers calls and allows the caller to hear conversations in the background, and self-destructs in case of detection.

These features allowed the hacker to monitor and steal all activity on the device and in its proximity. Not many devices were infected as Chrysaor was “used in a targeted attack on a small number of Android devices,” Google said. Most targets were in Israel, but individuals in Georgia, Mexico, Turkey and the UAE, among others, were also targeted.

The spyware was designed to target devices running Jellybean (4.3) or earlier, one sample analyzed by Google revealed.

“Upon installation, the app uses known framaroot exploits to escalate privileges and break Android’s application sandbox. If the targeted device is not vulnerable to these exploits, then the app attempts to use a super user binary pre-positioned at /system/csk to elevate privileges,” Google said.

NSO Group Technologies is a controversial Israeli company that develops and sells surveillance software that has been used against journalists and human rights activists. In 2012 the Mexican government confirmed signing a $20 million contract with NSO Group.

About the author

Luana PASCU

From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.

2 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Luana, do you have any information as to whose phones were actually compromised, or under what circumstances the infection took place?

  • Hello Luana, I was reading about what Pegasus can do and it is exactly what happened to me. For example I would be sending an SMS and then out of the blue someone would write their comment, it was quite weird.
    I'll begin from day 1. I picked up my iPhone and it had been completely taken over, I couldn't do a thing, I couldn't type the word I wanted as that had been controlled also. I had pics on my iPhone that were somehow transferred from my families iPhones. Before all this began I had been using twitter and I had said a word on twitter that was offensive to others without me realising this, I had just previously learnt what the word meant before I tweeted it, if I had have known it was going to offend people I wouldn't have even said it. Anyway someone had left a message on my iPhone telling me that they had read what sites I had visited. They knew everything about me via my emails, SMS messages, my contacts, my photos,my iPhone camera's etc etc. I also believe my iPhone was tapped. They knew where I had been away on holidays, absolutely everything. I also have a Smart TV and that had been hacked into also. It became quite scary as I believe I was being terrorised, I truly believe my life was at danger or my family. I read the analytics on my iPhone and noticed Pegasus among other names. I no longer keep any of my details on my iPhone, I won't even speak when I'm near my iPhone and mostly leave it at home. I was wondering if this is connected to what you described.