Called Chrysaor , the Android variant can steal Attack.Databreach data from messaging apps , snoop over Attack.Databreach a phone ’ s camera or microphone , and even erase itself . On Monday , Google and security firm Lookout disclosed the Android spyware , which they suspect comes from NSO Group , an Israeli security firm known to develop smartphone surveillance products . Fortunately , the spyware never hit the mainstream . It was installed less than three dozen times on victim devices , most of which were located in Israel , according to Google . Other victim devices resided in Georgia , Mexico and Turkey , among other countries . Users were probably tricked Attack.Phishing into downloading the malicious coding , perhaps though a phishing attack Attack.Phishing . Once it installs , the spyware can act as keylogger , and steal Attack.Databreach data from popular apps such as WhatsApp , Facebook and Gmail . In addition , it possesses a suicide function that ’ ll activate if it doesn ’ t detect a mobile country code on the phone -- a sign that the Android OS is running on an emulator . The surveillance features are similar to those found in Pegasus , which has also been linked with NSO Group . At the time , Lookout called the spyware the most sophisticated attack it ’ s ever seen on a device . The iOS variant exploited three previously unknown vulnerabilities to take over a phone and surveil the user . The spyware was uncovered when a human rights activist in the United Arab Emirates was found infected by it . His phone had received Attack.Phishing an SMS text message , which contained a malicious link to the spyware . But Lookout had also been investigating into whether NSO Group developed an Android version . To find out , the security firm compared how the iOS version compromises an iPhone and matched those signatures with suspicious behavior from a select group of Android apps . Those findings were then shared with Google , which managed to identify who was affected . However , unlike the iOS version , the Android variant doesn ’ t actually exploit any unknown vulnerabilities . Instead , it taps known flaws in older Android versions . Chrysaor was never available on Google Play , and the small number of infected devices found suggests that most users will never encounter it , the search giant said