The malware can snoop on people’s conversations, act as keylogger, take screenshots, control camera and microphone.
A new Android RAT malware was detected in the wild, and it is considered to be the most advanced of its kind. Called Pegasus, the malware can sniff conversations, steal people’s messages and call records from instant messaging apps like WhatsApp, Facebook, Twitter, Skype, and Gmail.
What’s worse, is that Pegasus also comes with key-logging and screenshot-taking capabilities, while also being able to take control of the infected device’s camera and microphone. In short, it can take control of the device to a scary extent.
Bitdefender notes that even though Pegasus was only detected on a limited number of devices worldwide, it is a reminder that “ill-intended parties can leverage the flexibility of the Android operating system and build rogue applications for surveillance and monitoring.”
It was recently reported that Android has overtaken Microsoft Windows for the first time as the most popular operating system in the world regarding total Internet usage across desktop, laptop, tablet and mobile combined. Given these new stats, a malware with RAT capabilities such as Pegasus can have a massive impact if it spreads to more devices.
Thankfully, Bitdefender’s Liviu Arsene, Senior E-Threat Analyst, notes that investigations concluded the malware never existed in Google Play, which means it was distributed via other channels, such as third-party marketplaces. Affected users have contacted Google, and the applications have been disabled on the affected devices. Thanks to changes sent via Verify Apps, the changes are available to all Android users.
“It’s estimated that about three dozen specially selected individuals located in countries such as Israel, Georgia, Mexico, Turkey, UAE, and others have been targeted by this malware. Even though Pegasus was detected on a limited number of devices worldwide, it is a tough reminder about how ill-intended parties can leverage the flexibility of the Android operating system and build rogue applications for surveillance and monitoring. Smartphones “hear” and “see” almost everything we do 24h a day, 7 days a week, while other Android implementations, such as Smart TVs see the most intimate moments of our private life,” Arsene adds.
The Bitdefender specialist adds that it is estimated that two Pegasus samples were analyzes, with an additional six related digests. Since researchers believe that this tool was specifically-designed for a handful of targets, the numbers make sense.
As always, you should do your best to protect your devices from attacks. That includes with only installing apps from legitimate sources and making sure that you have the latest OS updates and security patches installed. Additional steps you should take to protect your device include enabling a lock screen, running an anti-malware app and checking where the apps you’re installing come from and if they have admin rights on the device.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.