Industry Updates

Surveillance Spyware Originally Found On iOS Now Targeting Android

In 2016, security firms Lookout and Citizen Lab identified a dangerous new type of malware, dubbed Pegasus, that surfaced in the iOS ecosystem. The software was developed and sold by the NSO Group, a licensed cyber-arms dealer operating out of Israel. Highly advanced, it was primarily sold to governments, including a number of oppressive regimes, which used the software to track down dissidents in those countries.

The software was incredibly capable and extremely effective, allowing the hackers controlling it to gain almost total control over a victim’s phone. Using it, they could, among other things:

• Collect SMS settings and messages
• Monitor call logs, calendars and browser histories
• Comb through emails
• Monitor messages from most popular messaging apps like Facebook, Twitter, Viber, Skype, and WhatsApp
• Co-opt the phone’s alarm system to schedule various malicious activities
• Activate both the front and rear cameras remotely to spy on the phone’s owner
• Take screenshots
• Answer the phone and listen in on conversations
• Log all keystrokes
• Auto-delete itself if discovered, or at the command of the hackers
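The capability list above maps fairly directly onto the Android permissions an ordinary app would need in order to do the same things, which is one coarse check a defender can run over a device's app inventory. The script below is an added example, not code from the article or from Lookout or Google: the permission names are real Android manifest permissions, but the mapping from the article's capability categories to those permissions, the scoring weights and the sample inventory are constructed assumptions for illustration, and nothing here describes how Chrysaor itself obtains its access.

```python
"""Permission-based triage of an Android app inventory (added example).

Assumption: each installed app is described by its package name, the
permissions it declares, whether it registers a device-admin receiver and
whether it came from the Play Store. The capability-to-permission mapping
below is an assumption made for this example; an implant running with root
or kernel privileges does not need these permissions at all, so a low score
is not evidence that a device is clean.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Capability categories the article lists, mapped to the permissions that
# normally gate them for a non-privileged app (assumed mapping).
CAPABILITY_PERMISSIONS: Dict[str, Set[str]] = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "calls_calendar": {"android.permission.READ_CALL_LOG",
                       "android.permission.READ_CALENDAR"},
    "camera": {"android.permission.CAMERA"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    # An accessibility service (declared with this bind permission) can observe
    # text entry, which is the usual non-root route to keystroke capture.
    "keystrokes": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "contacts": {"android.permission.READ_CONTACTS"},
}


@dataclass
class InstalledApp:
    package: str
    permissions: Set[str]
    device_admin: bool = False     # registers a BIND_DEVICE_ADMIN receiver
    from_play_store: bool = True   # installer source as reported by the OS


def capabilities_for(app: InstalledApp) -> List[str]:
    """Return the capability categories the app's permissions would enable."""
    return sorted(cap for cap, perms in CAPABILITY_PERMISSIONS.items()
                  if app.permissions & perms)


def risk_score(app: InstalledApp) -> int:
    """One point per enabled capability, plus constructed penalties for
    device-admin rights (hinders removal) and sideloading (unvetted source)."""
    score = len(capabilities_for(app))
    if app.device_admin:
        score += 2
    if not app.from_play_store:
        score += 2
    return score


def triage(inventory: List[InstalledApp], threshold: int = 5) -> List[str]:
    """Packages whose score meets the threshold, sorted for stable output."""
    return sorted(app.package for app in inventory
                  if risk_score(app) >= threshold)


# Constructed sample inventory: a legitimate messenger, a calendar app, and a
# sideloaded package with device-admin rights and a spyware-like permission set.
SAMPLE_INVENTORY = [
    InstalledApp("com.example.messenger", {
        "android.permission.READ_SMS", "android.permission.READ_CONTACTS",
        "android.permission.CAMERA", "android.permission.RECORD_AUDIO"}),
    InstalledApp("com.example.calendar", {"android.permission.READ_CALENDAR"}),
    InstalledApp("com.example.sysupdate", {
        "android.permission.READ_SMS", "android.permission.READ_CALL_LOG",
        "android.permission.CAMERA", "android.permission.RECORD_AUDIO",
        "android.permission.BIND_ACCESSIBILITY_SERVICE"},
        device_admin=True, from_play_store=False),
]

if __name__ == "__main__":
    for app in SAMPLE_INVENTORY:
        print(f"{app.package:28} score={risk_score(app)} "
              f"caps={capabilities_for(app)}")
    print("flagged:", triage(SAMPLE_INVENTORY))
```

The messenger scores 4 because a chat app legitimately needs SMS, contacts, camera and microphone, so the threshold is what separates a normal permission footprint from one combined with device-admin rights and an unknown installer. Since the article notes that Chrysaor hides itself and was disabled by Google remotely rather than found by users, treat this as a first pass for triaging a suspect device, not as a detection.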

The two security firms knew from the start, based on sales literature from the NSO Group, that an Android version also existed. But until recently they had been unable to find evidence of it in the wild. That changed with the discovery of Chrysaor, the Android variant of Pegasus, which is even more advanced and full-featured.

A joint effort by Lookout and Google tracked the software to some two dozen phones in Georgia, Ukraine and Turkey, and Google was able to remotely disable it. It is unknown how many more infected users might be out there: Chrysaor is extremely adept at hiding itself and virtually impossible to track down.

For now, the software seems to be employed primarily by governments. It has never been found in the hands of independent hacking groups, which means you’re almost certain never to run across it. If that changes, however, it would represent a grave, large-scale threat to global digital security.