Thursday, March 28, 2024

A Highly Sophisticated Victim’s Activities Monitoring Android Spyware “Notorious Pegasus” Discovered

[jpshare]Notorious surveillance software called Pegasus Andriod spyware has been Found which Monitor all the Vicims activities including take Screenshots, capture audio,Camera,Contact list Keystroke logging,read email and pull the data’s from the users Android Mobiles.

Google and the Lookout Security Intelligence team Discovered thisPegasus  Malware and Explained that ,existed as an Android application (APK) that compromised the device to install its malicious payload.

Google Said , This Pegasus Spyware originally Created by NSO Group ,According to news reports, NSO Group sells weaponized software that targets mobile phones to governments.

News reports indicate that the Pegasus spyware is sold for use on high-value targets for multiple purposes .

Google and Lookout announced the discovery, Google named this family of spyware
Chrysaor . Lookout references the “Chrysaor naming as part of the Pegasus for Android variant” of the Pegasus family first discovered on iOS

How Chrysaor Works :

To install this Chrysaor Spyware ,attacker specifically target the victim .and force them to install to their phone.

Once Chrysaor is installed Chrysaor Spyware remotely communicate with the Attackers command control Server and once connection has been established , its Automatically surveil the victim’s activities .

While installing this Spyware , exploits to escalate privileges and break Android’s application sandbox.

Specifically Chrysaor Spyware gain the super user privilege of the victims Mobiles and started to spying the users Activities .

Pegasus Detected as Anomalous Malware :

Lookout Security Intelligence team said , Analyzed the data that indicated these findings were anomalous.
 
Security Intelligence analysts were able to pinpoint a suspect set of apps which did not exist anywhere else in the world, including in public app stores or on public sources like VirusTotal.
 

“These apps contained metadata such as package names and signer information that only appeared in very limited cases which correlated with Pegasus-specific IOCs.”

Communication Methods :

Lookout Security Said ,Android equivalent is capable of communicating to attacker-controlled infrastructure via a number of different mechanisms and protocols. This includes via SMS, over HTTP, and through the Message Queue Telemetry Transport (MQTT) protocol.
  • A command included in the initial configuration.
  • A command sent via SMS.
  • A command sent in an HTTP response from an existing C2 server.

Targeted Applications :

According to the  Lookout Security , These are the Target Applications by Pegasus Spyware .

  • WhatsApp
  • Skype
  • Facebook
  • Viber
  • Kakao
  • Twitter
  • Gmail
  • Android’s Native Browser or Chrome
  • Android’s Native Email
  • Calendar

Analysis showed that in order to achieve this, Pegasus for Android first checked whether certain messaging app databases were present before using its super user access to query them and retrieve user content.

This included email messages, chat conversations, sent attachments, and cached content. We observed Pegasus for Android modifying the read, write, and execute permissions of the databases it targets to be accessible by all users.

Also Read :

Website

Latest articles

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles