Predator spyware has been targeting Android devices, according to Google’s Threat Analysis Group (TAG).
The University of Toronto and Citizen Lab published the research. Both Cytrox’s Predator and NSO Group’s Pegasus spyware infected Egyptian exiled politician Ayman Nour’s phone. “Two different government clients” were managing it.
What is the Predator spyware?
Google says, a company called Cytrox allegedly created the spyware. Cytrox was classified as a North Macedonian startup by the University of Toronto. It can record audio, add CA certificates, and hide apps, among other things.
“Cytrox appears to have a corporate presence in Israel and Hungary,” according to the report.
“Cytrox’s Israeli companies were founded in 2017 as Cytrox EMEA Ltd,” according to the Toronto researchers. Cytrox is a member of the “Intellexa alliance”. It appears to be a marketing term for mercenary surveillance companies, as per the researchers.
TAG has been following 30 surveillance vendors, according to the company. “We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns,” Google writes in a blog post.
Confirmed strikes in any of the locations?
“Consistent with findings from CitizenLab, we assess likely government-backed actors purchasing these exploits are operating (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain, and Indonesia,” Google’s TAG team wrote in a blog post.
The hacking took the form of one-time URLs sent through email to targeted Android users that looked like URL shortener services, the blog also states.
“We assess that these campaigns delivered ALIEN, a simple Android malware in charge of loading Predator, an Android implant described by CitizenLab in December 2021.”
According to Google, tracking the commercial surveillance business will necessitate a “robust” approach. Then, intelligence teams, network defenders, university researchers, and technology platforms can carry them out.
What can I do to defend myself against the predator spyware?
All Chrome and Android users have already received a software fix from Google. So, to avoid becoming a victim of this spyware, simply upgrade your Android and Chrome to the most recent available software update.