Security Architecture, Endpoint/Device Security, IoT, Endpoint/Device Security, Threat Management, Threat Intelligence, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Chrysaor spyware’s live audio recording capability called sophisticated and elaborate


The recently uncovered Chrysaor spyware tool has an amazingly complex and stealthy way to record audio that is able to fly under the user's radar.

Check Point dug a bit deeper into Chrysaor to see how it pulls off this trick after it was revealed earlier this week that the malware had been ported over for use on the Android platform from iOS.

What the researchers found that once the malware is ensconced on a phone, usually through the use of a zero-day or tailor-made social engineering scheme, it calls back to its command and control server. The server then calls the phone, but the call is intercepted by the malware and the call is hidden from the device's owner using an overlay window and answers the call through the phone's Itelephony API.

The “conversation” between the malware and the command and control server is then muted and it blocks the media button as two extra layers of security.

“The remarkable sophistication and detail the malware uses to operate demonstrate the complexity and challenges mobile malware presents to a defender. The malware's authors made the utmost effort to keep the malware hidden from the user's eye and to draw no attention, while simultaneously exploiting his device to the extreme extent,” the Check Point research team wrote.

The team also believes this technology will soon be found on other types of malware.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.