Black Hat A study into government-grade Android spyware led researchers to a new strain of surveillance malware lurking in the Google Play app store – a strain that has now been unceremoniously booted out of the software marketplace.
Last month it was revealed that the Mexican government was infecting smartphones with malware to spy on lawyers, journalists, and activists. Researchers at Google and mobile security shop Lookout did some further digging into this covert surveillance tool, and discovered this kind of state-level software nasty is slightly more common than some might think.
The Mexican government used some iOS malware called Pegasus, which was built by Israeli hackers-for-hire NSO Group. That organization also offers an Android equivalent dubbed Chrysaor. This Android variant was considerably less sophisticated than its Apple cousin, as it exploited really old vulnerabilities in Google’s OS whereas Pegasus exploited zero-day flaws in iOS to compromise phones. In fact, it appeared Chrysaor was tailored to compromise Android 4.3 and earlier.