The recently uncovered Chrysaor spyware tool has an amazingly complex and stealthy way to record audio that is able to fly under the user's radar.
What the researchers found that once the malware is ensconced on a phone, usually through the use of a zero-day or tailor-made social engineering scheme, it calls back to its command and control server. The server then calls the phone, but the call is intercepted by the malware and the call is hidden from the device's owner using an overlay window and answers the call through the phone's Itelephony API.
The “conversation” between the malware and the command and control server is then muted and it blocks the media button as two extra layers of security.
“The remarkable sophistication and detail the malware uses to operate demonstrate the complexity and challenges mobile malware presents to a defender. The malware's authors made the utmost effort to keep the malware hidden from the user's eye and to draw no attention, while simultaneously exploiting his device to the extreme extent,” the Check Point research team wrote.
The team also believes this technology will soon be found on other types of malware.