2017-04-04

A PARTICULARLY INTERESTING, if you like that sort of thing, piece of iOS malware has an Android equivalent that tempted us, and hopefully you, with talk of espionage, winged horses and the thrill ride that is IT security in general.

Lookout Security is publishing information on the Pegasus malware's arrival on Android, where it's known as 'Chrysaor'. Lookout says that the tool is a piece of sophisticated malware weaponry that was created and sold by a cyber arms dealer. In the iOS world, the tool can be used to remotely jailbreak a phone, which could lend itself to all kinds of mayhem. It was clear that Android needed a hero.

"The security intelligence teams at Google and Lookout collaborated to discover and track Pegasus as it exists on the Android platform (aka Chrysaor) in order to roll out protection for Android users," says Lookout in its report on all this.

"This investigation originated with the Lookout August report and led to all Android users being protected against this threat. On the Android platform, the Pegasus software has many of the same features that we described in the original Lookout report [on iOS Pegasus]."

Those features are not positives; in fact, they are big negatives. While Pegasus might have done that Jason guy a tonne of favours, it does not promise the same for your Android - probably the clockwork owl in these circumstances.

It can capture data from Google things like email, as well as a range of other timewaster obsessions like WhatsApp, Facebook and Twitter. It can also screengrab and has the ability to keylog and record audio. It is everything you want if you are a spying government or other agency, but not if you are a punter.

"Pegasus for Android is an example of the common feature-set that we see from nation states and nation-state-like groups. These groups produce advanced persistent threats (APT) for mobile with the specific goal of tracking a target not only in the physical world, but also the virtual world….," it says.

"Pegasus is highly advanced in its stealth, its use of exploits, its code obfuscation, and its encryption. It has a broad surveillanceware feature set."

Google has done its own blog on this, naturally, and it makes clear that the app route of infection was never enabled by any listing on the Play store and that it has swept in and got rid of all winged horse smelling threats. It does suggest that Pegasus, or Chrysaor, was created by the shady NSO Group Technologies outfit.

"Google is constantly working to improve our systems that protect users from Potentially Harmful Applications (PHAs). Usually, PHA authors attempt to install their harmful apps on as many devices as possible. However, a few PHA authors spend substantial effort, time, and money to create and install their harmful app on one or a very small number of devices," it explains.

"This is known as a targeted attack. Chrysaor was never available in Google Play and had a very low volume of installs outside of Google Play. Among the over 1.4 billion devices protected by Verify Apps, we observed fewer than 3 dozen installs of Chrysaor on victim devices."

There is some advice available: for example, only download from trusted sites, always stay updated, use smart passwords, use lock screens and don't be a dumbass. µ