This new Android malware self-destructs when detected


What will the criminals think of next?

Pegasus for Android — a new version of an existing malware that was called “the most sophisticated mobile attack ever found” when it first infiltrated the iOS world last fall — has now made the leap to Android devices.

And just like in a spy movie or TV show, this malware will self-destruct if it thinks it’s been discovered or otherwise compromised!

Take a closer look at Pegasus for Android

Back in August 2016, researchers first discovered Pegasus iOS. That particular strain of malware was being used by state-sponsored hackers to invade the privacy of political activists around the world, according to The New York Times.

But Pegasus iOS largely flew under the radar of both its victims and the broader cyber-security community for several years following its creation.

After its discovery last year, people began to wonder if and when an Android version would surface.

Well, that day has finally come…

Pegasus for Android has been discovered thanks to the joint research efforts of Google and mobile security firm Lookout.

Pegasus for Android flow chart


The newly discovered Pegasus for Android has basically the same kinds of spying functionality that its iOS predecessor had.

Here are some of the invasive methods it uses to capture info:

  • Keylogging
  • Screenshot capture
  • Live audio capture
  • Remote control of the malware via SMS
  • Messaging data exfiltration from common apps including WhatsApp, Skype, Facebook, Twitter, Viber and Kakao
  • Browser history exfiltration
  • Email exfiltration from Android’s Native Email client
  • Contacts and text messages

Now here’s where it gets really weird…

Pegasus for Android also has what researchers are calling “suicide functionality.”

In plain English, that means the malware will remove itself from a device under four circumstances:

  1. The SIM MCC ID is invalid.
  2. An “antidote” file exists.
  3. It has not been able to check in with the servers after 60 days.
  4. It receives a command from the server to remove itself.

In a lengthy technical analysis of Pegasus for Android, Lookout notes the following:

“It appears that Pegasus for Android will kill itself if it is unable to detect the MCC subscriber ID or finds it to be invalid. This is likely to prevent it from being run on test devices and emulator environments which may not be connected to a cellular network.”

Sounds like some hackers were watching way too much Mission: Impossible when they wrote the self-destruct code for this one!

Here’s how you can protect yourself

While Pegasus has not been found in the United States, it has been found as close as Mexico. That makes a jump across the border not entirely out of the question.

So Android developers recommend following these safety protocols to keep yourself safe going forward:

  1. Only install apps from reputable sources such as Google Play. There are no known instances of Pegasus for Android popping up anywhere on Google Play.
  2. Having a secure lock screen is paramount, especially now that we’re reading about thermal imaging cameras being used to capture your phone’s secret PIN!
  3. Always make sure you install the latest software updates from your operating system. These often include security and protection updates to help protect your device.
  4. Use Verify Apps. This Google tool will scan apps before you install them for malware. Here’s how to enable it on your phone.
  5. Have a backup plan if your phone gets stolen or lost. Android Device Manager makes it easy to ring and locate your device. You can also remotely wipe your files clean if the need arises!
