Google researchers have recently detected an advanced Android spyware that has been spreading for three years. The malicious Chrysaor app is not a regular spying program that can steal contact lists, track messages or browsing history. This malicious app is also capable of hacking camera and microphone. This sophisticated spyware seems to be related to Pegasus malware. The latter mobile infection was attacking iOS users last year. Google researchers found out that these two applications were developed by the same Israel-based company – NSO Group Technologies. Both potentially harmful applications (PHA) was used for targeted attacks only, and haven’t attacked many Android users. However, security experts suggest taking precautions in order to avoid this nasty malware.
The relationship between Chrysaor and Pegasus allows making an assumption that the purpose of these applications might be similar. The iOS targeting malware was used for attacking human rights activist from the Middle East and journalist from Mexico. Thus, developers launched only targeted attacks. It seems the same strategy was applied for the Chrysaor app’s distribution. Authors of the malicious app did not have a purpose to affect the wide range of smartphones and other mobile devices. According to the Google, Chrysaor has been installed only on less than three dozen devices. The majority of attacks has been held in Israel. However, Android users from Georgia, Mexico, Turkey, and other countries in Africa and the Middle East have suffered from this attack too. On Android developers blog, the company revealed that this application was never available to download from Google Play. Thus, users could only install it from third-party sources.
Installation of the Chrysaor gives developer full access to the affected device. This app is designed to use six different techniques to track data on the affected device. Spyware collects information related to SMS and other messages sent/received on various communication programs and social media, browsing history, contact list, call logs, etc. Moreover, it can hack camera and microphone. Thus, it is also capable of answering calls and listening to conversations. However, the most advanced feature of this malicious app is its ability to destroy itself if it’s detected.
Nevertheless, Google claims that chances to download this malicious app are little; Android users are reminded to take precautions to avoid malware. Users should choose reliable sources for app installation. Possibilities to install a malicious app from Google Play are lower than from unknown third-party sources. Enabling Verify Apps function also helps to decrease chances to download malicious software. Lastly, it’s crucial to keep the device and installed software updated to avoid security flaws.