Google Detected A Sophisticated Android Spyware

Chrysaor: A New Version of Pegasus that Corrupts Android

Just like the devious Pegasus spyware that was discovered spying on the users of iOS devices, Chrysaor is capable of spying as well; however, this infection targets the users of Android. Both infections were created by the same company, NSO Group Technologies, which appears to be based in Israel. Unsurprisingly, most of the infected devices were located in Israel. Georgia, Mexico, and Turkey are a few of the other countries where infected devices were found. The strange thing is that this dangerous spyware has been discovered on only a small number of devices, and it does not look like it will be spread more aggressively in the future. That is because Chrysaor was not created to exploit random users. Instead, it was developed to attack specific targets. Needless to say, regular users are unlikely to face this threat now; however, that does not mean that things could not change in the future.

How Chrysaor invades Android devices

Since Chrysaor targets specific users, the attacks might be unique in every case. In every case, though, the creator of the malicious app must trick the target into installing it onto their Android device. The app is not offered via the Google Play store, so it must be delivered in other ways. Unfortunately, users are often careless about the apps they install, thinking that they can just remove them if they do not like them. If you were coaxed into installing an unfamiliar app from an unfamiliar source, it is possible that this app is malicious. Regardless of how attractive an app might be, it is crucial to research it. Also, if you enable the Verify Apps feature, the apps you install can be scanned beforehand to ensure that you do not install malicious ones. Overall, if Chrysaor spyware finds its way in, it is likely to stay put because it can be installed onto the system partition and because it can disable auto-updates. Using these methods, the malicious app ensures that it is not eliminated from the infected Android device automatically.

How Chrysaor works on Android

Chrysaor has many privileges, which it obtains by using framaroot exploits or by setting the superuser binary at /system/csk. According to the research of Android developers who analyzed this app, its privileges allow it to answer calls and listen to them in the background without the user noticing. It can also capture screenshots and log keyboard input to record private information. Chrysaor can also access the camera to observe the surroundings of the victim, as well as collect data regarding geographical location and device settings. On top of that, it can record messages, call logs, browser history, chat history (from Facebook Messenger, WhatsApp, and other apps), contacts, calendar information, etc. Basically, when this spyware invades the device, it can record everything that is done using it, as well as everything that is stored on it. Needless to say, that is a huge privacy invasion, and it can lead to nothing but trouble. At the moment, the spyware is only spying on its victims, but who can say that it cannot be used to steal virtual identities, perform illicit transactions via hacked bank accounts, and use personal accounts to spread malware?

How to remove Chrysaor from Android

It was found that the creator of Chrysaor can delete it from the corrupted Android device before the victim even realizes that a malicious app is spying on them. A special command can be used to eliminate this app. A file at /sdcard/MemosForNotes could be used as well. If the app is eliminated without the user noticing, it is unlikely that the user will realize what has happened at all. Since the threat has already been detected by Android support, all you need to do is update the device, and the spyware will be eliminated. It is also smart to install a security app that could guard your device against the invasion of malicious apps. As mentioned previously, by setting up Verify Apps, you will prevent malicious apps from slithering in even if you choose to install them yourself. One more thing you have to be cautious about is your own activity. If you visit unreliable pages, interact with random pop-ups, and install random apps, the chances of letting in malicious apps are much higher.
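
The two file paths named above, /system/csk and /sdcard/MemosForNotes, can be looked for when examining an extracted or mounted filesystem image of a device. The shell function below is an added example, not code from the original article; the function name chrysaor_triage, its output format, and the layout of the ROOT directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): look for the two file artifacts the
# article names inside an extracted or mounted Android filesystem tree.
# Assumption: ROOT contains the device's "system" and "sdcard" directories.

# chrysaor_triage ROOT
# Prints one line per finding. Returns 0 = nothing found, 1 = artifact found,
# 2 = ROOT is not a directory.
chrysaor_triage() {
    ct_root=$1
    ct_hits=0
    if [ ! -d "$ct_root" ]; then
        echo "error: '$ct_root' is not a directory" >&2
        return 2
    fi

    # Superuser binary location named in the article. -L also catches a
    # dangling symlink, which -e alone would miss.
    ct_csk="$ct_root/system/csk"
    if [ -e "$ct_csk" ] || [ -L "$ct_csk" ]; then
        ct_hits=$((ct_hits + 1))
        echo "FOUND /system/csk (superuser binary path)"
        # Mode bits survive only if the image was extracted with permissions kept.
        if [ -u "$ct_csk" ]; then
            echo "FOUND /system/csk has the setuid bit set"
        fi
    fi

    # File the article ties to removal of the app: its presence does not show
    # the spyware is installed, but it is worth recording in the case notes.
    ct_memo="$ct_root/sdcard/MemosForNotes"
    if [ -e "$ct_memo" ] || [ -L "$ct_memo" ]; then
        ct_hits=$((ct_hits + 1))
        echo "FOUND /sdcard/MemosForNotes (removal-related file)"
    fi

    if [ "$ct_hits" -eq 0 ]; then
        echo "CLEAN no listed artifact under $ct_root"
        return 0
    fi
    return 1
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    chrysaor_triage "$1"
fi
```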