A few months back, we covered a nasty and incredibly advanced piece of malware dubbed Pegasus. Created by a relatively obscure Israeli security company called the NSO Group, Pegasus seemingly set a new bar for mobile hacking sophistication. Built upon three previously undisclosed iOS zero-day exploits, Pegasus, once installed, was able to eavesdrop on conversations, remotely spy on a users’s text messages, location, browsing history, calendar records, photos and more.
Apple has since patched the aforementioned zero-day exploits, but an Android variant of Pegasus has since been discovered by security researchers from Google and Lookout and, believe it or not, it’s even more dangerous than the original.
The Android version of Pegasus is being called Chrysaor and, not surprisingly, houses an extensive list of surveillance features similar to the list above, along with some other goodies such as keylogging, live audio capture and more. Additionally, Chrysaor has the ability to spy on all types of popular messaging apps, including WhatsApp, Twitter, Skype and Facebook.
What makes Chrysaor more worrisome than Pegasus, however, is that it doesn’t rely on zero-day exploits in order to infect a targeted device. In effect, it’s a lot easier to infect an Android device with Chrysaor than it was to infect an iOS device with Pegasus.
Submitted by: Arnfried Walbrecht