Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.
Whether $5 or $50, every contribution counts.
Support us to deliver journalism without an agenda.
Louise Thomas
Editor
An extremely sophisticated Android app designed to spy on users has been discovered by security researchers.
Called Chrysaor, it’s capable of spying on users through their smartphone camera and microphone, as well as accessing messages, emails, contact details and browser history.
In Greek mythology, Chrysaor was the brother of Pegasus, the winged horse. The spyware was thus named because it’s believed to be linked to Pegasus, spyware that was found to be targeting handsets running iOS last year.
Gadget and tech news: In pictures
Show all 25
That discovery prompted Apple to build and release an important security update for the iPhone.
Google and Lookout announced the Chrysaor find this week, and the companies suspect it was created by Israeli firm NSO Group Technologies, the same group behind Pegasus.
Unusually, it appears that Chrysaor was never designed to attack as many people as possible. It was never available to download from Google Play, and has been discovered on less than three dozen devices.
“A few [potentially harmful application] authors spend substantial effort, time, and money to create and install their harmful app on one or a very small number of devices,” said Google in a blog post. “This is known as a targeted attack.”
NSO Group Technologies targeted human rights activist based in the Middle East with Pegasus, and it’s possible that the group was trying something similar with Chrysaor.
“To install Chrysaor, we believe an attacker coaxed specifically targeted individuals to download the malicious software onto their device,” said Google.
“Once Chrysaor is installed, a remote operator is able to surveil the victim's activities on the device and within the vicinity, leveraging microphone, camera, data collection, and logging and tracking application activities on communication apps such as phone and SMS.”
Google says the likelihood of most users being affected by Chrysaor is small, but recommends users protect themselves by:
Only installing apps only from reputable sources
Enabling a secure lock screen
Keeping devices up-to-date with the latest security patches
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments