Google has explained that Chrysaor was created by NSO Group Technologies, a company dedicated to creating and selling software and infrastructure of this type for targeted attacks, and that it is related to the Pegasus spyware, first discovered on Apple’s operating system. Chrysaor reached devices through applications that were not available on Google Play; once installed on the phone, it takes remote control of the device. When installed, the application uses exploits to gain privileges on the phone.
The Mountain View company explains that Chrysaor uses several techniques to collect user data. The malware collects data that includes SMS, call logs, browser history, calendar, emails and messages from Twitter, Facebook, WhatsApp, Skype or Viber, among others. Chrysaor also takes screenshots of the device and performs ‘keylogging’, that is, it records what is typed on the device. Other spying techniques used by the malware include, for example, Roomtap, which accesses the phone’s microphone to listen to conversations.
Furthermore, to avoid being discovered, the application is capable of self-destruction. If it cannot contact its server for 60 days, which it takes to mean that it has been discovered on that device, it removes itself from the infected phone.
However, the Mountain View company says there is nothing to worry about, because so far only three dozen Android devices have been affected by the malicious software, out of more than 1.4 billion active Android devices. Most of those affected have been in Israel, Georgia and Mexico, but also in Turkey, Kenya, Ukraine and Nigeria, among others. Google says that users of the 30 affected devices have already been notified and that Chrysaor has been disabled on those devices. In addition, information has been collected from the affected devices to better protect other Android users.
In addition, to avoid falling victim to Chrysaor or any other related malware, Google has published a series of security tips for its users: install applications only from official and trusted sources, such as Google Play; enable a secure lock screen on the phone, such as a PIN code, a password or a pattern; and always keep the device updated so that it has the necessary security patches.