Google security researchers say they have unearthed what is believed to be one of the most dangerous and sophisticated forms of Android malware ever discovered.
The malware, dubbed Chrysaor is designed to spy on unsuspecting users through their smartphone camera and microphone.
If that wasn’t bad enough, Chrysaor can also access emails, SMS, contact details and web browser history.
Chrysaor is linked to the Pegasus malware that was found to be targeting iPhones last year.
According to Greek mythology, Chrysaor and Pegasus were brothers, which were the two strains of malware get their names.
The discovery of Pegasus forced Apple to roll out urgent iOS update.
According to Google and security researchers from Lookout who helped discover Chrysaor, the malware was created a shadowy Israeli technology firm called NSO Group Technologies, who were also responsible for creating Pegasus.
The motives for creating Chrysaor remain unclear as security experts said it does not like like it has been designed to attack as many users as possible, which is normally the case when some creates a strain of malware.
Instead, the approach with Chrysaor seems to be more targeted as it was found on less than three dozen devices and was not possible to download from the Google Play Store.
In a blog post Google said: “A few PHA [potentially harmful application]authors spend substantial effort, time, and money to create and install their harmful app on one or a very small number of devices.
“This is known as a targeted attack.”
NSO Group was found to have targeted Middle East based human rights activists with the Pegasus malware and it is thought something was the case with Chrysaor.
“To install Chrysaor, we believe an attacker coaxed specifically targeted individuals to download the malicious software onto their device,” Google said.
“Once Chrysaor is installed, a remote operator is able to surveil the victim’s activities on the device and within the vicinity, leveraging microphone, camera, data collection, and logging and tracking application activities on communication apps such as phone and SMS.”
Google says that only a very small number of devices are affected. However, in order to protect themselves, users are advised to follow this five steps:
- Install apps only from reputable sources: Install apps from a reputable source, such as Google Play. No Chrysaor apps were on Google Play.
- Enable a secure lock screen: Pick a PIN, pattern, or password that is easy for you to remember and hard for others to guess.
- Update your device: Keep your device up-to-date with the latest security patches.
- Verify Apps: Ensure Verify Apps is enabled.
- Locate your device: Practice finding your device with Android Device Manager because you are far more likely to lose your device than install a PHA.