An Android version of the notorious surveillance software Pegasus has been found. The spyware monitors all of the victim's activities: it can take screenshots, capture audio, use the camera, read the contact list, log keystrokes, read email and pull data from the user's Android phone.
Google and the Lookout Security Intelligence team discovered this Pegasus malware and explained that it existed as an Android application (APK) that compromised the device to install its malicious payload.
Google said this Pegasus spyware was originally created by NSO Group. According to news reports, NSO Group sells weaponized software that targets mobile phones to governments.
News reports indicate that the Pegasus spyware is sold for use on high-value targets for multiple purposes.
How Chrysaor Works:
To install the Chrysaor spyware, the attacker specifically targets the victim and forces them to install it on their phone.
Once installed, Chrysaor communicates remotely with the attacker's command-and-control server, and once the connection has been established it automatically surveils the victim's activities. During installation, the spyware uses exploits to escalate privileges and break Android's application sandbox.
Specifically, Chrysaor gains superuser privileges on the victim's phone and starts spying on the user's activities.
Pegasus Detected as Anomalous Malware:
“These apps contained metadata such as package names and signer information that only appeared in very limited cases which correlated with Pegasus-specific IOCs.”
Communication Methods:
- A command included in the initial configuration.
- A command sent via SMS.
- A command sent in an HTTP response from an existing C2 server.
Targeted Applications:
According to Lookout Security, these are the applications targeted by the Pegasus spyware.
- Skype
- Viber
- Kakao
- Gmail
- Android’s Native Browser or Chrome
- Android’s Native Email
- Calendar
Analysis showed that in order to achieve this, Pegasus for Android first checked whether certain messaging app databases were present before using its super user access to query them and retrieve user content.
This included email messages, chat conversations, sent attachments, and cached content. We observed Pegasus for Android modifying the read, write, and execute permissions of the databases it targets to be accessible by all users.
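
A triage check for the permission change described above, as an added example that is not part of the original article or of Lookout's or Google's tooling: it scans a recursive file listing taken from a device acquisition and flags app database files whose permission bits grant any access to all users. The listing format (`ls -lR` with a link-count column), the package names and the file names are constructed assumptions.

```python
import re

# Constructed sample: `ls -lR` style listing from a device acquisition.
# Package and file names are illustrative, not IOCs from the report.
SAMPLE_LISTING = """\
/data/data/com.example.chat/databases:
-rw-rw---- 1 u0_a101 u0_a101  413696 2017-04-03 10:12 messages.db
-rwxrwxrwx 1 u0_a101 u0_a101   32768 2017-04-03 10:12 contacts.db
-rw-rw---- 1 u0_a101 u0_a101    8720 2017-04-03 10:12 messages.db-journal

/data/data/com.example.mail/databases:
-rw-rw-r-- 1 u0_a87 u0_a87  1048576 2017-04-02 08:40 mailstore.db
-rw------- 1 u0_a87 u0_a87    20480 2017-04-02 08:40 prefs.db
"""

DIR_RE = re.compile(r"^(/\S.*):$")
# mode, links, owner, group, size, date, time, name (regular files only)
FILE_RE = re.compile(
    r"^-([rwxsStT-]{9})\s+\d+\s+\S+\s+\S+\s+\d+\s+\S+\s+\S+\s+(.+)$")
DB_SUFFIXES = (".db", ".db-wal", ".db-shm", ".db-journal", ".sqlite")

def world_accessible_databases(listing):
    """Return (path, mode, other_bits) for DB files any user can access."""
    findings, current_dir = [], None
    for line in listing.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)      # start of a new directory section
            continue
        m = FILE_RE.match(line)
        if not m or current_dir is None:
            continue
        mode, name = m.groups()
        if not name.endswith(DB_SUFFIXES):
            continue
        other = mode[6:9]                 # permission bits for "all users"
        if other != "---":                # app-private DBs normally have none
            findings.append((f"{current_dir}/{name}", mode, other))
    return findings

if __name__ == "__main__":
    for path, mode, other in world_accessible_databases(SAMPLE_LISTING):
        print(f"world-accessible ({other}): {path} [{mode}]")
```

A hit is a lead for further examination rather than proof of compromise, since a misconfigured or legacy app can also leave a database world-readable.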