Unusually, it appears that Chrysaor was never designed to attack as many people as possible / Justin Sullivan/Getty Images

It’s believed to be linked to Pegasus, a notorious program found to be targeting iPhones last year

An extremely sophisticated Android app designed to spy on users has been discovered by security researchers.

Called Chrysaor, it’s capable of spying on users through their smartphone camera and microphone, as well as accessing messages, emails, contact details and browser history. 

In Greek mythology, Chrysaor was the brother of Pegasus, the winged horse. The spyware was thus named because it’s believed to be linked to Pegasus, spyware that was found to be targeting handsets running iOS last year. 

That discovery prompted Apple to build and release an important security update for the iPhone. 

Google and Lookout announced the Chrysaor find this week, and the companies suspect it was created by Israeli firm NSO Group Technologies, the same group behind Pegasus.

Unusually, it appears that Chrysaor was never designed to attack as many people as possible. It was never available to download from Google Play, and has been discovered on less than three dozen devices.

“A few [potentially harmful application] authors spend substantial effort, time, and money to create and install their harmful app on one or a very small number of devices,” said Google in a blog post. “This is known as a targeted attack.”

NSO Group Technologies targeted human rights activist based in the Middle East with Pegasus, and it’s possible that the group was trying something similar with Chrysaor. 

“To install Chrysaor, we believe an attacker coaxed specifically targeted individuals to download the malicious software onto their device,” said Google. 

“Once Chrysaor is installed, a remote operator is able to surveil the victim's activities on the device and within the vicinity, leveraging microphone, camera, data collection, and logging and tracking application activities on communication apps such as phone and SMS.” 

Google says the likelihood of most users being affected by Chrysaor is small, but recommends users protect themselves by: 

  • Only installing apps only from reputable sources
  • Enabling a secure lock screen
  • Keeping devices up-to-date with the latest security patches
  • Enabling Verify Apps (Settings > Google > Security > Verify Apps)
  • Getting familiar with Android Device Manager, as “you are far more likely to lose your device than install a PHA”

Comments