
Google detects Predator spyware targeting Android phone users

The sophisticated Predator spyware is said to have been created by Cytrox in North Macedonia
Last Updated 25 May 2022, 10:37 IST

It is not even a year since the Pegasus spyware scandal made headlines around the world. Several government agencies had hired Israeli company NSO Group for spyware to track journalists, human rights activists, and political rivals.

Now, Google's Threat Analysis Group (TAG), during its routine screening of zero-day threats online, has detected another spyware, Predator, on Android mobile phones.

[Note: A zero-day vulnerability is a computer/mobile software loophole for which a solution is yet to be found. If it is left unattended, hackers can exploit it to modify programs, steal data from PCs, mobiles, or a network, or track people.]

CitizenLab, which was the lead investigative agency to unearth Pegasus spyware, offered inputs to Google's TAG, and it has come to light that some government-backed actors operating (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain, and Indonesia purchased Predator spyware to spy on journalists with Android phones.

The sophisticated Predator spyware is said to have been created by Cytrox in North Macedonia.

"We assess that these campaigns delivered ALIEN, a simple Android malware in charge of loading PREDATOR, an Android implant described by CitizenLab in December 2021. ALIEN lives inside multiple privileged processes and receives commands from PREDATOR over IPC (interprocess communication). These commands include recording audio, adding CA certificates, and hiding apps," Google Threat Analysis Group said.

Predator spyware operators exploited vulnerabilities in the Chrome browser and Android phones and targeted journalists and activists by sending them compromised URLs via anonymous texts on messenger and email apps. When a link was clicked, the threat actors were able to install the malware on the device.

Google TAG performed the threat analysis on Samsung phones between August and October 2021, and the company has fixed the security loopholes through a security software patch.

Zero-day vulnerabilities:
On Chrome: CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003
On Android: CVE-2021-1048

Android phone users are advised to install the latest updates. Also, it is good practice to avoid replying to, or clicking on URL links in, messages from unknown senders.

(Published 25 May 2022, 08:33 IST)
