The article I chose this week is regarding Android’s version of one of the most high-leveled mobile spyware has been discovered that remained undetected for at least three years due to its clever self-destruction abilities.
This mobile spyware has been called, “Chrysaor”; this Android spyware has been used in previous attacks against activists and journalists in Israel, Georgia, Turkey, Mexico, the UAE and other countries. NSO Group Technologies, has been believed to make the most advance mobile spyware on the planet and has sold them to governments, law enforcement agencies worldwide, as well as dictatorial regimes.
Chrysaor spying functions include:
- Exfiltrating data from popular apps including Gmail, WhatsApp, Skype, Facebook, Twitter, Viber, and Kakao.
- Controlling device remotely from SMS-based commands.
- Recording Live audio and video.
- Keylogging and Screenshot capture.
- Disabling of system updates to prevent vulnerability patching.
- Spying on contacts, text messages, emails and browser history.
- Self-destruct to evade detection
Subsequently, researchers believe that Chrysaor has been distributed via SMS phishing message, like the Pegasus infection on iOS devices. According to the article, Google recommends that “users should only install apps from reputable sources, protect your device with pin or password lock, enable ‘verify apps’ feature from settings, and obviously, keep your device always up-to-date with the latest security patches”.