[jpshare]Notorious surveillance software called Pegasus Andriod spyware has been Found which Monitor all the Vicims activities including take Screenshots, capture audio,Camera,Contact list Keystroke logging,read email and pull the data’s from the users Android Mobiles.

Google and the Lookout Security Intelligence team Discovered thisPegasus  Malware and Explained that ,existed as an Android application (APK) that compromised the device to install its malicious payload.

Google Said , This Pegasus Spyware originally Created by NSO Group ,According to news reports, NSO Group sells weaponized software that targets mobile phones to governments.

News reports indicate that the Pegasus spyware is sold for use on high-value targets for multiple purposes .

Google and Lookout announced the discovery, Google named this family of spyware
Chrysaor . Lookout references the “Chrysaor naming as part of the Pegasus for Android variant” of the Pegasus family first discovered on iOS

How Chrysaor Works :

To install this Chrysaor Spyware ,attacker specifically target the victim .and force them to install to their phone.

Once Chrysaor is installed Chrysaor Spyware remotely communicate with the Attackers command control Server and once connection has been established , its Automatically surveil the victim’s activities .

While installing this Spyware , exploits to escalate privileges and break Android’s application sandbox.

Specifically Chrysaor Spyware gain the super user privilege of the victims Mobiles and started to spying the users Activities .

Pegasus Detected as Anomalous Malware :

Lookout Security Intelligence team said , Analyzed the data that indicated these findings were anomalous.
Security Intelligence analysts were able to pinpoint a suspect set of apps which did not exist anywhere else in the world, including in public app stores or on public sources like VirusTotal.

“These apps contained metadata such as package names and signer information that only appeared in very limited cases which correlated with Pegasus-specific IOCs.”

Communication Methods :

Lookout Security Said ,Android equivalent is capable of communicating to attacker-controlled infrastructure via a number of different mechanisms and protocols. This includes via SMS, over HTTP, and through the Message Queue Telemetry Transport (MQTT) protocol.
  • A command included in the initial configuration.
  • A command sent via SMS.
  • A command sent in an HTTP response from an existing C2 server.

Targeted Applications :

According to the  Lookout Security , These are the Target Applications by Pegasus Spyware .

  • WhatsApp
  • Skype
  • Facebook
  • Viber
  • Kakao
  • Twitter
  • Gmail
  • Android’s Native Browser or Chrome
  • Android’s Native Email
  • Calendar

Analysis showed that in order to achieve this, Pegasus for Android first checked whether certain messaging app databases were present before using its super user access to query them and retrieve user content.

This included email messages, chat conversations, sent attachments, and cached content. We observed Pegasus for Android modifying the read, write, and execute permissions of the databases it targets to be accessible by all users.

Also Read :

SOURCELookout Security
BALAJI is a Former Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


  1. Hey!! I invite you to know about this new antihacker smartphone called PRIVAT. It has two independent mainboards, one for the smartphone hardware and the other one for the independent camera. Furthermore, each one has its own operating system with an internal memory and an expandable SD slot. Click here to learn more


Please enter your comment!
Please enter your name here