Security researchers from Google and Lookout are warning Android users about “one of the most sophisticated and targeted mobile attacks we’ve seen in the wild.” Called Chrysaor, it’s the sibling of Pegasus, a zero-day iOS exploit that was used to spy on a United Arab Emirates human rights activist. Once it is installed, attackers are able to spy on calls, texts, and emails, access the microphone and camera, log keystrokes, and collect GPS and other user data.
In other words, this is not a hacking tool that was coded by “script kiddie” amateurs. Lookout believes it was developed for government surveillance use by NSO Group, a “cyber war” organization located in Israel that charges over $1 million to infect a phone with malware. (For more on what it can do, see Lookout’s paper here.)
There’s a big difference between the Android and iOS versions, too. The iOS malware was designed to jailbreak the target device using three known zero-day vulnerabilities and then install malicious software. If the root failed, the attack failed, and back in August, Apple patched those three holes, effectively rendering Pegasus useless.
On Android devices, however, if Chrysaor can’t root a device, it uses a failsafe to request permissions that still allow it to steal your data. “This means Pegasus for Android is easier to deploy on devices and has the ability to move laterally if the first attempt to hijack the device fails,” Lookout Security VP Mike Murray wrote.