Pegasus malware poses limited risk
However, despite being easier to deploy, the Pegasus malware doesn’t appear to be widespread. Google said it “observed fewer than three dozen installs” of the malware among the 1.4 billion devices protected by Google Play services and Verify Apps.
“Late last year, after receiving a list of suspicious package names from Lookout, we discovered that a few dozen Android devices may have installed an application related to Pegasus, which we named Chrysaor. Although the applications were never available in Google Play, we immediately identified the scope of the problem by using Verify Apps,” Google researchers wrote in a blog post. “We gathered information from affected devices, and concurrently, attempted to acquire Chrysaor apps to better understand its impact on users. We’ve contacted the potentially affected users, disabled the applications on affected devices, and implemented changes in Verify Apps to protect all users.”
Google said “one representative sample” of the Pegasus malware was analyzed and found to be “tailored to devices running Jelly Bean (4.3) or earlier.” According to Google’s metrics, those versions of Android make up 12.6% of current devices, or approximately 176 million devices.
Google also noted that users would need to be coaxed into installing a malicious app from an untrusted source in order to be infected, and that it has already made improvements to Verify Apps to protect all Android devices that have Google Play services.
Michael Patterson, CEO of Plixer, said Pegasus malware could still be dangerous despite the rooting method mostly targeting older devices.
“The malware is still dangerous because malware evolves over time like most software that is maintained. Malicious software is often given away or stolen and used to create new variants,” Patterson told SearchSecurity. “While the malware is impacting phones five years old, the latest release could be better at evading detection and have new, richer theft features. Companies should have a network traffic analysis solution which is monitoring for odd traffic behaviors from mobile devices.”
Arsene suggested the standard protections for Android users: “To protect your Android devices, install apps from legitimate sources, make sure you have the latest OS updates and security patches, enable a lock screen, ensure you run an antimalware app, and check on a regular basis what are the apps that have admin rights on your device.”