Google has announced it is investigating an extremely sophisticated form of spyware that has been found on Android smartphones. However, it added that the affected apps were never available in Google Play.
Named Chrysaor by Google, the malware is believed to be related to the Pegasus spyware first identified on iOS. Google chose the name deliberately: in Greek mythology, Pegasus and Chrysaor are brothers.
In a blog post, Google said that it is constantly working to improve its systems to protect users from Potentially Harmful Applications (PHAs). The company explained that PHA authors usually attempt to install their harmful apps on as many devices as possible.
Google added: “However, a few PHA authors spend substantial effort, time, and money to create and install their harmful app on one or a very small number of devices. This is known as a targeted attack.”
According to Google, Chrysaor is believed to have been created by NSO Group Technologies, which specialises in creating and selling software and infrastructure for targeted attacks.
Explaining how it was discovered, Google said that in late 2016, after receiving a list of suspicious package names from Lookout, the company found that a few dozen Android devices may have installed an application related to Pegasus, which it named Chrysaor.
Google then identified the scope of the problem by using its Verify Apps program, which checks for PHAs. Google said it collected data from affected devices, and attempted to acquire Chrysaor apps to gain a better understanding of its impact on users.
The company behind Android said it has contacted the potentially affected users, disabled the applications on affected devices, and implemented changes in Verify Apps to protect all users.
Google said that among the more than 1.4 billion devices protected by Verify Apps, it recorded fewer than three dozen installations of Chrysaor on devices.