Back in August, Pegasus for iOS made headlines as one of the most sophisticated espionage apps on mobile. The app was believed to have been in circulation for quite a while before being discovered. Furthermore, it was suggested that a few hundred more iterations of the app were still around, targeting specific individuals like a political dissident from the UAE.
Now, Google has detailed Pegasus for Android, a clone of the app for Google’s platform. Mobile security firm Lookout sent Google a list of suspicious package names while it was conducting its own analysis. Google found that a few dozen Android devices had installed an application that bore a remarkable resemblance to Pegasus, which the company dubbed Chrysaor.
It took months for the two companies to identify Pegasus for Android. The espionage app is thought to be developed by NSO Group Technologies, who specialize “in the creation and sale of software and infrastructure for targeted attacks”.
On their own independent analysis, Lookout mentioned that the espionage app represents “the common feature-set that we see from nation states and nation state-like groups”. According to the security firm, such threats are meant to track a target both in the physical and virtual worlds.
To put that into perspective, Pegasus is capable of extraordinary functions. These include keylogging, capturing of live audio, video, and screenshots, exfiltration of data from various applications, text messages, browser history, email, and even remote control of the spyware via SMS commands.
An even more impressive fact is that Pegasus for Android can self-destruct when compromised through a variety of checks. That includes checking whether the mobile country code associated with the SIM card is invalid or not, and if the app has been unable to connect to its server for 60 days.
Unlike its iOS counterpart, which used three previously unknown security vulnerabilities to install itself on targeted devices, Pegasus for Android uses Framaroot instead, a well-known rooting technique which can bypass security.
Such sophisticated spyware and espionage tools are created after requests by specific agencies and are unfortunately often used against citizens of countries with questionable democratic values. Pegasus for Android, as an espionage app of its own, was likely used for similar purposes.
While the average user has nothing to fear against attacks of this magnitude, the fact that they exist and can live on in a mobile OS for months before being discovered is certainly troubling. With an IoT explosion in the horizon, the importance of security in the cyberspace cannot be overstated.