Chrysaor is spyware believed to have been created by NSO Group Technologies, a company that specializes in the creation and sale of software and infrastructure for targeted attacks. Chrysaor is believed to be related to the Pegasus spyware that was first identified on iOS. It is highly sophisticated malware, most likely used to carry out advanced espionage campaigns.
Chrysaor doesn’t exploit a vulnerability. Instead, Google believes attackers coax specifically targeted individuals to download the Chrysaor malware onto their device. “Once Chrysaor is installed, a remote operator is able to surveil the victim’s activities on the device and within the vicinity, leveraging microphone, camera, data collection, and logging and tracking application activities on communication apps such as phone and SMS,” wrote Google.
Upon installation, the app uses Framaroot rooting techniques to find security holes that allow the attackers to escalate privileges and break Android’s application sandbox, Google said. “If the targeted device is not vulnerable to these exploits, then the app attempts to use a superuser binary pre-positioned at /system/csk to elevate privileges,” according to Google.
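A defender's triage check for the path named above, as an added example that is not from Google's report or the original article: it parses a saved `ls -lR /system` listing and flags `/system/csk` along with any setuid-root file. The sample listing is constructed, and the function name and the two `ls` output layouts handled are assumptions.

```python
import re

IOC_PATH = "/system/csk"  # superuser binary location quoted from Google above

# Constructed sample of `ls -lR /system` output; not taken from a real device.
SAMPLE_LISTING = """\
/system:
drwxr-xr-x 2 root shell 4096 2016-08-01 12:00 bin
-rwsr-sr-x 1 root root 75348 2016-08-01 12:00 csk
-rw-r--r-- 1 root root 2048 2016-08-01 12:00 build.prop

/system/bin:
-rwxr-xr-x 1 root shell 9812 2016-08-01 12:00 ls
-rwsr-x--- 1 root shell 13456 2016-08-01 12:00 run-as
"""

MODE_RE = re.compile(r"[-dlbcps][-rwxsStT]{9}")

def scan_listing(text):
    """Return findings for the reported path and for any setuid-root file."""
    findings, directory = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("/") and line.endswith(":"):
            directory = line[:-1].rstrip("/")  # "ls -R" directory header
            continue
        fields = line.split()
        if len(fields) < 6 or not MODE_RE.fullmatch(fields[0]):
            continue  # blank line, "total N", or something unparsable
        mode = fields[0]
        # Assumed layouts: a link count precedes the owner, or it is absent.
        owner = fields[2] if fields[1].isdigit() else fields[1]
        name = line.split(" -> ")[0].split()[-1]  # drop any symlink target
        path = f"{directory}/{name}"
        reasons = []
        if path == IOC_PATH:
            reasons.append("matches reported path")
        # Setuid alone is not conclusive; it only marks a file for review.
        if mode[0] == "-" and mode[3] in "sS" and owner == "root":
            reasons.append("setuid root")
        if reasons:
            findings.append({"path": path, "mode": mode, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in scan_listing(SAMPLE_LISTING):
        print(f"{f['path']}  {f['mode']}  {', '.join(f['reasons'])}")
```

A file at the reported path that is also setuid root is the strongest signal; a setuid-root hit elsewhere only marks a file for manual review.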
Chrysaor is also careful to avoid detection and is programmed to uninstall itself if there is any chance it has been found. It will remove itself from the phone if the SIM MCC ID is invalid, an ‘antidote’ file exists, it has not been able to check in with the servers after 60 days, or it receives a command from the server to remove itself.
Chrysaor had a very low volume of installs outside of Google Play: fewer than 3 dozen installs on victim devices. These devices were located in the following countries:
To ensure you are fully protected against Potentially Harmful Applications (PHAs) and other threats, we recommend these 5 basic steps:
1. Install apps only from reputable sources: Install apps from a reputable source, such as Google Play.
2. Enable a secure lock screen: Pick a PIN, pattern, or password that is easy for you to remember and hard for others to guess.
3. Update your device: Keep your device up-to-date with the latest security patches.
4. Locate your device: Practice finding your device with Android Device Manager because you are far more likely to lose your device than install a PHA.
5. Keep good antivirus or Android total security software installed on your device, such as Max Total Security.