The Pegasus espionage app, first discovered on iOS, has now been found on Android.
This is no regular malware. Ars Technica states Pegasus is “Quite possibly the most sophisticated Android espionage app ever”. That’s saying a lot. This is also something you probably don’t have to worry about.
What does the app do? It spies. Its functions include:
- Screenshot capture
- Live audio and video capture
- Remote control of the malware via SMS
- Messaging data exfiltration from common applications including WhatsApp, Skype, Facebook, Twitter, Viber, and Kakao
- Browser history exfiltration
- E-mail exfiltration from Android’s Native E-mail client
- Contacts and text message exfiltration
Beyond this, the app can self-destruct if it appears to be at risk of discovery. All of this starts with rooting the phone using the Framaroot method. If rooting fails, the app instead attempts to gain permissions from the user to carry out its purpose.
Google states that the app was never in the Google Play Store. Instead, this app is being utilized by state actors in very specific attacks. The targeted phones are located primarily in Georgia, Mexico, Turkey, Kenya, Kyrgyzstan, Nigeria, Tanzania, the United Arab Emirates, Ukraine, and Uzbekistan.
The app, on both Android and iOS, is being attributed to the NSO Group. This is an Israel-based company that deals in lawful intercept software, which is sold to legitimate law enforcement agencies.