Advanced Android spyware found by Google after bypassing security for 3 years
Google has detected Chrysaor, the Android version of the infamous Pegasus iOS spyware. It is believed to have been infecting devices for three years while avoiding detection, the company wrote on its blog. Infection was caused by installation of an app from a third-party store; Google Play did not have infected applications for download.
Pegasus, the most advanced surveillance tool sold by NSO Group, exploited three unpatched zero-day vulnerabilities in iOS and was detected last August when it targeted Mexican journalist and UAE activist Rafael Cabrera.
Chrysaor shares many of Pegasus’ features, but comes with added capabilities: it collects all data associated with SMS settings, SMS messages, call logs, browser history, calendar, contacts, emails, and messages from messaging apps and social networks; captures screenshots; answers calls and allows the caller to hear conversations in the background; and self-destructs in case of detection.
These features allowed the hacker to monitor and steal all activity on the device and in its proximity. Not many devices were infected as Chrysaor was “used in a targeted attack on a small number of Android devices,” Google said. Most targets were in Israel, but individuals in Georgia, Mexico, Turkey and the UAE, among others, were also targeted.
One sample analyzed by Google showed that the spyware was designed to target devices running Jelly Bean (4.3) or earlier.
“Upon installation, the app uses known framaroot exploits to escalate privileges and break Android’s application sandbox. If the targeted device is not vulnerable to these exploits, then the app attempts to use a super user binary pre-positioned at /system/csk to elevate privileges,” Google said.
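A defender-side triage of the two conditions described above (OS version in the targeted range, and a file at /system/csk), as an added example that is not code from this article or from Google's analysis. It assumes the device's filesystem has been extracted to a local directory; the function names, finding labels and the setuid check are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import stat
import tempfile

MAX_TARGETED_API = 18      # API level of Android 4.3 (Jelly Bean), per the analyzed sample
SU_PATH = "system/csk"     # pre-positioned superuser binary path quoted from Google

def read_sdk_level(root):
    """Return ro.build.version.sdk from system/build.prop, or None if unavailable."""
    try:
        with open(os.path.join(root, "system", "build.prop"), errors="replace") as fh:
            for line in fh:
                key, sep, value = line.strip().partition("=")
                if sep and key == "ro.build.version.sdk" and value.strip().isdigit():
                    return int(value)
    except OSError:
        pass
    return None

def triage(root):
    """Inspect an extracted Android filesystem tree and return a list of findings."""
    findings = []
    sdk = read_sdk_level(root)
    if sdk is None:
        findings.append("unknown-os-version")      # cannot rule the device out
    elif sdk <= MAX_TARGETED_API:
        findings.append("os-in-targeted-range")
    csk = os.path.join(root, SU_PATH)
    if os.path.lexists(csk):                       # lexists also catches dangling symlinks
        findings.append("csk-present")
        mode = os.lstat(csk).st_mode
        # Assumption: a usable su binary is setuid/setgid; extraction may drop these bits.
        if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
            findings.append("csk-setuid")
    return findings

def build_sample(sdk, with_csk):
    """Create a constructed sample tree (not real device data) and return its path."""
    root = tempfile.mkdtemp(prefix="chrysaor-triage-")
    os.makedirs(os.path.join(root, "system"))
    with open(os.path.join(root, "system", "build.prop"), "w") as fh:
        fh.write("# constructed sample\nro.build.version.sdk=%d\n" % sdk)
    if with_csk:
        path = os.path.join(root, SU_PATH)
        with open(path, "wb") as fh:
            fh.write(b"\x7fELF")                   # placeholder bytes, not a real binary
        os.chmod(path, 0o4755)
    return root
```

A "csk-present" finding is the one that warrants escalation; "os-in-targeted-range" alone only says the device runs a version the sample was built for.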
NSO Group Technologies is a controversial Israeli company that develops and sells surveillance software that has been used against journalists and human rights activists. In 2012 the Mexican government confirmed signing a $20 million contract with NSO Group.