Google, Lookout Detail 'Chrysaor' Android Malware, Related to Pegasus iOS Malware

Advertisement
By Shekhar Thakran | Updated: 5 April 2017 14:10 IST
Highlights
  • Infected apps were never made available through Google Plays
  • Chrysaor doesn't make use of zero-day vulnerabilities
  • New malware believed to be related to Pegasus

Researchers at Google and mobile security firm Lookout have now discovered that infamous iOS spyware Pegasus, which was described as sophisticated and discovered last year, has now turned up on Android in the form of 'Chrysaor'. Notably, the advanced form of malware can potentially give remote control of the device to the exploiter and even deletes itself, remove all traces.

Before you start getting uneasy, Google has clarified that the infected apps that carried the malware were never made available through Google Play store. Further, Google said that it tried to find the scope of Chrysaor by using Verify Apps, only to find that it had low volumes of installs outside Google Play. As per search giant, Israel-based NSO Group Technologies, which was behind the Pegasus malware is believed to be behind Chrysaor as well.

Advertisement

"Late last year, after receiving a list of suspicious package names from Lookout, we discovered that a few dozen Android devices may have installed an application related to Pegasus, which we named Chrysaor," Google said in a post. "Among the over 1.4 billion devices protected by Verify Apps, we observed fewer than 3 dozen installs of Chrysaor on victim devices," it added.

As per the search giant, the Chrysaor malware has been targeted at devices running Android 4.3 Jelly Bean or earlier versions.

Advertisement

Some of the spying functionalities in the Chrysaor malware include keylogging, screenshot capture, Live audio capture, remote control of the malware via SMS, browser history exfiltration, email exfiltration from Android's native email client, contacts and text message, as per Lookout. It also enables messaging data exfiltration from common applications including WhatsApp, Skype, Facebook, Twitter, Viber, Kakao.

The Chrysaor malware self destructs itself when it finds its position in danger and meets certain conditions, Lookout points out. "It's clear that this malware was built to be stealthy, targeted, and is very sophisticated," Lookout said in its post regarding the malware.

Advertisement

The most notable difference between Chrysaor on Android and Pegasus on iOS is that the former doesn't use zero-day vulnerabilities to root the device. Chrysaor instead uses a well-known rooting technique called Framaroot.

"In the case of Pegasus for iOS, if the zero-day attack execution failed to jailbreak the device, the attack sequence failed overall. In the Android version, however, the attackers built in functionality that would allow Pegasus for Android to still ask for permissions that would then allow it to access and exfiltrate data. The failsafe jumps into action if the initial attempt to root the device fails," Lookout said.

Advertisement

As the Chrysaor malware has not been distributed at large scale, majority of Android devices are out of danger but we would like to warn our readers who are using Android not to install apps from unverified sources in order to keep their devices secure

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement
Popular Mobile Brands
  1. Rise of the Ronin, Dying Light and More Join PS Plus Game Catalogue in July
  2. Here's the Full List of Leaked Samsung Galaxy Z Fold 8 Series Specifications
  3. OnePlus Could Exit India by 2027 as Part of Oppo's Restructuring Plans
  1. CMF Clip Pro Reportedly Spotted on IMDA, Could Debut as Clip-Style Earbuds
  2. Redmi 17 4G Price, Specifications and Renders Reportedly Surface Ahead of Launch
  3. Codex Micro Launched as a Dedicated Controller for OpenAI Codex Power Users: Price, Features
  4. PS Plus Game Catalogue Titles for July Announced: Avatar: Frontiers of Pandora, Rise of the Ronin and More
  5. Vivo T5 Lite 5G Launched in India With 6,500mAh Battery, 50-Megapixel Camera: Price, Specifications
  6. UK Government Plans Social Media Curfews for Teenagers Under New Online Safety Rules
  7. Redmi Note 17 India Launch Tipped for August; Specifications to Differ From China Variant
  8. Google Pixel 11 Teased Ahead of August 12 Launch, Pixel Glow Feature Confirmed
  9. Realme C100x Launched in India With 8,000mAh Battery, 6.8-Inch Display: Price, Specifications
  10. Samsung Galaxy Z Fold 8, Galaxy Z Fold 8 Ultra Key Specifications Surface Online Before Anticipated Launch
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.