Pegasus Malware Reborn As Chrysaor, Doesn't Get Far

Malware is an ongoing problem with the rampant advance of technology, but the story of at least one piece of Android malware ended quite peacefully, with Google nipping Chrysaor, a reborn Pegasus, in the bud before it even managed to pass three dozen active installations. The highly targeted malware never hit the Play Store, but chose its targets carefully, just as its iOS-bound predecessor did. Thus, while it only managed to reach a small number of users, Google acted quickly and drastically to ensure the safety of the affected users’ data and devices. Verify Apps was employed to check the scale of the attack, and to help prevent future instances.

The way that Chrysaor worked was quite brilliant, in the realm of malware. First, it embedded itself into a single app that a targeted user downloaded. There were no details on how the targeting happened; it may have been random, or through social engineering. In any case, the unsafe app would request seemingly innocuous permissions and use them to try to bring other apps with similar functionality on board. When the puzzle was completed, the user was left with a full-system vulnerability that could be utterly devastating. The most interesting part, however, was how well Chrysaor hid itself; if the malware was at any point compromised or had any part of itself thrust into the open where a user could inspect it, it would delete all traces of itself from the user’s device.

Piecemeal malware is usually a sign of a very targeted attack, and a graph produced by Google shows that this new malware wasn’t too far off from its predecessor, which was created to spy on a single individual in the United Arab Emirates through jailbreak privileges and small vulnerabilities. Chrysaor, for all intents and purposes, has been defeated at this point; Google has told the world about it, and all of the major malware protection suites likely either already protect against it or will soon. Still, threats of a similar nature can hide almost anywhere. Malware has made it into the Play Store before, but statistically, it’s the safest place to get your apps.