This Android malware could be the most sophisticated we’ve seen yet

Why it matters to you

If malware like this makes its way to your phone, it could be devastating to both your phone and your data.

It looks like Android owners have yet another hack to worry about. Security researchers from Google and Lookout are warning of a new malware that’s “one of the most sophisticated and targeted mobile attacks” we’ve seen yet. It’s called Chrysaor, and it was actually first developed as a zero-day iOS exploit called Pegasus. It was previously used to spy on a human rights activist from the United Arab Emirates. Now, however, there’s an Android version of the exploit, too.

Once installed, the malware allows hackers to spy on things like calls, texts, emails, the camera, and even the keys that you type on your device — so it’s not a hack you want on your phone.

More: MacOS isn’t immune to malware! Let these antivirus apps give your system a booster shot

The iOS and Android versions have some major differences. The iOS version, for example, was first developed to jailbreak devices using a total of three zero-day exploits. Zero-day exploits are basically hacks that expose small vulnerabilities in the code of a device. Thankfully, however, Apple patched the vulnerabilities in August, rendering the hack useless.

On Android, Chrysaor works slightly differently. If it can’t root the phone, it instead requests permissions from unknowing users that will still allow it to eventually steal your data. On top of that, the malware is programmed to uninstall itself if it can be spotted, meaning that you may never know that your device was hacked.

Chrysaor isn’t widespread, but it could be devastating if gets installed on your phone. So how do you avoid it? The researchers noted that no apps with Chrysaor have been discovered on Google Play, so users should avoid downloading apps from third-party sources. Google Play has always been, and remains, the safest way to download and install apps on your Android phone. Not only that, but Google has contacted users it thinks were infected with the malware, so if you never got a notice, then it’s likely you weren’t infected.