Chrysaor Targets Android Devices

Chrysaor Targets Android Devices

If you are one of 1.6 billion people who use Android, there is an infection you need to beware of, and it is known by the name “Chrysaor.” This threat is believed to have been created by NSO Group Technologies, which is infamous for a malicious piece of software called “Pegasus.” This one, however, is a threat to iOS users. According to Android representatives, the dangerous threat is not spreading widely, and it is believed that it was created for targeted attacks. Considering that only a few dozens of Android systems have been found to be infected by this threat, that is pretty believable. According to the latest research, while this infection is primarily targeted at users in Israel, it was found on devices located in Georgia, Mexico, Turkey, Kenya, Kyrgyzstan, Nigeria, Tanzania, the United Arab Emirates, Ukraine, and Uzbekistan. Unfortunately, Chrysaor is pretty dangerous, and when it attacks, it can do big things.

The infiltration of the clandestine Chrysaor is pretty mysterious, but it is most likely that this threat was camouflaged as something much more attractive to fool users into installing it. Though it is not available via the Google Play store, it could be promoted via malicious pages. Also, it could be introduced via pop-up advertisements that might show up when visiting such pages. Of course, considering that specific users are targeted, more personalized attacks could be employed. For example, a corrupted spam email attachment with malware embedded in it could be sent. Overall, the user is unlikely to notice the threat; otherwise, it could not spread. To ensure that Chrysaor stays active, it can install itself onto the system partition. Also, it can remove the system’s update app to ensure that auto-updates do not happen. Furthermore, the malicious app can use framaroot exploits to obtain more privileges. If the exploit is not successful, the threat employs a SU binary set at /system/csk.

Once Chrysaor is installed successfully, it can be employed for various tasks, but all of them have to do with spying on the target. First and foremost, this spyware can employ data collectors to record SMS messages, browsing history, call logs, contacts, emails, as well as chat history from Facebook, Skype, and other messaging apps. Additionally, Chrysaor can work as a keylogger by recording input, which means that sensitive login information could be recorded. The app is also capable of capturing screenshots to gather more sensitive information. The most intrusive feature of this spyware might be its ability to listen to calls without the victim’s notice using the microphone. Although the spyware can successfully record information from regular users to make a quick profit, it appears that it was primarily created as a tool to spy on specific people. As mentioned previously, the threat is believed to target only specific Android users.

The devious Chrysaor is capable of destroying itself when it is necessary. That might happen when the attacker gets what they want, or when the infection is discovered. According to the Android developers, the app can be removed using a command sent from a remote server or using the so-called “antidote file” in /sdcard/MemosForNotes. Also, it is reported that if the infected device does not check in to the server after a certain period (should be 60 days), the app is automatically removed. This, of course, means that the infection could spy on the user, record information, and disappear without any notice, as if nothing had happened at all. Though it is most likely that this threat was created to listen to calls and record messages on specific devices, it has the potential to perform virtual identity theft as well, and that is the most disconcerting thing about Chrysaor. It is possible that the creator of this malicious spyware could modify it for bigger and wider attacks, which is why taking appropriate security measures is crucial.

What can you do to protect your Android device? First and foremost, you need to be cautious because malware usually slithers in via the backdoors that you open up yourself. When installing apps, make sure you research them and install them only via reputable sources. It is also recommended that you enable Verify Apps to ensure that apps are scanned and approved before you install them. Finally, you have to keep up with the necessary updates because when you skip them, the detected security vulnerabilities can be exploited by malicious parties. If you take good care of your Android device, you should be able to defend yourself against intrusive spyware and other unreliable apps.