Stealing large quantities of communication data, taking screenshots, or taking control of your phone’s camera are some of the threats of Chrysaor, a harmful ‘spyware’ that has recently been discovered and which targets Android devices.
It is not the first time that the NSO Group, an Israeli company that develops espionage software, has created tools designed to intrude on smart devices. Last year, the same company launched Pegasus, Chrysaor’s brother in Greek mythology, which took advantage of three zero-day vulnerabilities for spying on iPhones.
Human rights activist and defender Ahmed Mansoor, who was recently arrested at his home in Abu Dhabi, was reported by Amnesty International as one of the victims of Pegasus, along with a Mexican journalist.
Now, the new version has been discovered in a “few dozen Android devices,” according to Google. The affected smartphones were located in Israel, Georgia, Mexico, Turkey and the United Arab Emirates. However, because of the way that Chrysaor works, it is difficult to quantify its true impact, making it one of the most dangerous malware samples ever discovered on Android.
The Spy Who Self Destructs
Chrysaor was spread to smartphones through a simple text message. The message contained a link to download the tool, hidden under the guise of an application that has not yet become available for download.
It is unclear whether Chrysaor also took advantage of zero-day vulnerabilities, as it uses another technique that relies on known exploits to gain total control of the system.
Once Chrysaor takes control, it gathers call log data from WhatsApp, Facebook, Twitter, Skype and Gmail. This dangerous malware also accesses the camera and microphone, takes screenshots, and acts as a keylogger by recording keystrokes.
Finally, Chrysaor is programmed to self-destruct. If the malware detects that it is going to be discovered, it deletes itself. Precisely for that reason it has managed to avoid detection for three years.
Google has already informed victims of Chrysaor’s danger, has disabled the app on devices, and updated its Verify Apps service to protect all Android users.
The first samples of this version of Pegasus for Android date from 2014, so it seems likely that both the NSO Group and other distributors of tools like these have developed even more sophisticated techniques since then. The discovery of Chrysaor may not be the last.