Categories: Malware

A Highly Sophisticated Victim’s Activities Monitoring Android Spyware “Notorious Pegasus” Discovered

[jpshare]Notorious surveillance software called Pegasus Andriod spyware has been Found which Monitor all the Vicims activities including take Screenshots, capture audio,Camera,Contact list Keystroke logging,read email and pull the data’s from the users Android Mobiles.

Google and the Lookout Security Intelligence team Discovered thisPegasus  Malware and Explained that ,existed as an Android application (APK) that compromised the device to install its malicious payload.

Google Said , This Pegasus Spyware originally Created by NSO Group ,According to news reports, NSO Group sells weaponized software that targets mobile phones to governments.

News reports indicate that the Pegasus spyware is sold for use on high-value targets for multiple purposes .

Google and Lookout announced the discovery, Google named this family of spyware
Chrysaor . Lookout references the “Chrysaor naming as part of the Pegasus for Android variant” of the Pegasus family first discovered on iOS

How Chrysaor Works :

To install this Chrysaor Spyware ,attacker specifically target the victim .and force them to install to their phone.

Once Chrysaor is installed Chrysaor Spyware remotely communicate with the Attackers command control Server and once connection has been established , its Automatically surveil the victim’s activities .

While installing this Spyware , exploits to escalate privileges and break Android’s application sandbox.

Specifically Chrysaor Spyware gain the super user privilege of the victims Mobiles and started to spying the users Activities .

Pegasus Detected as Anomalous Malware :

Lookout Security Intelligence team said , Analyzed the data that indicated these findings were anomalous.
Security Intelligence analysts were able to pinpoint a suspect set of apps which did not exist anywhere else in the world, including in public app stores or on public sources like VirusTotal.

“These apps contained metadata such as package names and signer information that only appeared in very limited cases which correlated with Pegasus-specific IOCs.”

Communication Methods :

Lookout Security Said ,Android equivalent is capable of communicating to attacker-controlled infrastructure via a number of different mechanisms and protocols. This includes via SMS, over HTTP, and through the Message Queue Telemetry Transport (MQTT) protocol.
  • A command included in the initial configuration.
  • A command sent via SMS.
  • A command sent in an HTTP response from an existing C2 server.

Targeted Applications :

According to the  Lookout Security , These are the Target Applications by Pegasus Spyware .

  • WhatsApp
  • Skype
  • Facebook
  • Viber
  • Kakao
  • Twitter
  • Gmail
  • Android’s Native Browser or Chrome
  • Android’s Native Email
  • Calendar

Analysis showed that in order to achieve this, Pegasus for Android first checked whether certain messaging app databases were present before using its super user access to query them and retrieve user content.

This included email messages, chat conversations, sent attachments, and cached content. We observed Pegasus for Android modifying the read, write, and execute permissions of the databases it targets to be accessible by all users.

Also Read :

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

View Comments

  • Hey!! I invite you to know about this new antihacker smartphone called PRIVAT. It has two independent mainboards, one for the smartphone hardware and the other one for the independent camera. Furthermore, each one has its own operating system with an internal memory and an expandable SD slot. Click here to learn more

Recent Posts

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

55 minutes ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

2 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

2 hours ago

Massive Credit Card Leak, Database of 1,221,551 Cards Circulating on Dark Web

A massive data breach has sent shockwaves across the globe, as a database containing sensitive…

4 hours ago

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

2 days ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

3 days ago