North Macedonia-based Cytrox is alleged to have developed the powerful Predator spyware.
It has only been a year since the Pegasus spyware story grabbed international headlines.
Several government agencies have recruited the Israeli firm NSO Group to install spyware on journalists, human rights activists, and political opponents.
Google's Threat Analysis Group (TAG) has discovered another spyware called Predator on Android phones during its usual screening of zero-day threats online.
Some government-backed actors operating (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Spain, and Indonesia purchased Predator spyware to eavesdrop on journalists with Android phones, according to CitizenLab, which was the key investigative agency that unearthed Pegasus spyware.
Cytrox in North Macedonia is alleged to have invented the powerful Predator spyware.
“These efforts, we believe, delivered ALIEN, a simple Android malware capable of loading PREDATOR, an Android implant first reported by CitizenLab in December 2021.
PREDATOR sends commands through IPC (interprocess communication) to ALIEN, which lives inside numerous privileged processes.
These commands include audio recording, CA certificate addition, and app concealment,” according to the Google Threat Analysis Group.
Predator spyware operators targeted journalists and activists by sending them contaminated URLs via anonymous texts on chat and email apps, exploiting vulnerabilities in Chrome and Android phones.
When the targets clicked the links, the spyware was installed on their devices.
Between August and October 2021, Google TAG conducted threat analysis on Samsung phones, and the company has since fixed the security flaws with a software patch.
Zero-day vulnerabilities:
CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003 in Chrome; CVE-2021-1048 in Android
Users of Android phones should update to the most recent versions.
It is also a good idea to refrain from responding to or clicking on URL links in messages from unknown senders.