Predator spyware is still active and more difficult to track – here's how to stay safe


After going quiet for a few months amid public exposure and US sanctions, the Predator spyware is back and is even better at evading detection.

This is the worrying revelation coming from experts at Insikt Group, who have detected new infrastructure for the mercenary spyware tool in multiple countries, including the Democratic Republic of the Congo (DRC) and Angola.

"Predator is far from disappearing," wrote experts. "Recent findings by Insikt Group reveal that Predator's infrastructure is back with modifications to evade detection and anonymize users."

Developed by the Intellexa Alliance – a group of companies, many of them EU-based – Predator spyware is a highly invasive mobile hacking software (for both Android and iPhone) designed to leave minimal traces on affected devices. It uses both one-click and zero-click attack vectors to install itself on targeted phones, taking advantage of browser vulnerabilities and network access.

Investigations suggest that this sophisticated mercenary spyware, similar to the infamous Pegasus developed by Israeli firm NSO Group, has been largely used by government actors since at least 2019.

Predator is highly dangerous due to its level of intrusiveness. Once the device is infected, the spyware has unrestricted access to the microphone, camera, and all of the user's data, such as contacts, messages, photos, and videos, without their knowledge.

Did you know?

As the spyware problem keeps getting bigger, a group of civil societies is calling on European regulators for "an EU-wide ban on the production, export, sale, import, acquisition, transfer, servicing and use of spyware."

The latest report found that Predator's operators "significantly enhanced their infrastructure" by adding layers of complexity that make it even more difficult to trace. The malicious software now has an additional tier in its delivery system which anonymizes customer operations. Put simply, it's now even harder for researchers to identify the countries using Predator and track how its usage spreads.

"The re-emergence of Predator spyware is a stark reminder of the growing dangers posed by mercenary spyware," wrote experts. "Public reporting, ongoing research, and stronger regulations are critical in minimizing the damage caused by tools like Predator."

How to protect yourself from Predator spyware

It's true that spyware tools are powerful malware and full protection against them is very difficult. Simply relying on security software like the best VPN and antivirus apps, for instance, isn't enough to fight off the spyware threat. Yet, there are still some steps you can take to considerably reduce the risk of becoming a target.

As experts pointed out: "[Predator] infrastructure has evolved, making it harder to track and identify users, but with the right cybersecurity practices in place, individuals and organizations can reduce their risk of becoming targets."

Hence, if you are a high-profile individual – like a politician, journalist, activist, or company executive – you need to be vigilant at all times. Below are Insikt Group's suggested defensive measures you should take to mitigate the risk of a Predator attack:

  • Keep your software updated at all times. A piece of advice that never gets old, staying on top of your device updates considerably reduces potential vulnerabilities that Predator might exploit.
  • Regularly reboot your device. Rebooting your device can also help in disrupting spyware operations, so experts suggest doing that periodically. Bear in mind that a reboot may not be enough to completely eliminate advanced spyware.
  • Enable lockdown mode. Available on both iPhones and Android phones, lockdown mode is a security feature that boosts device protection with stringent controls, such as disabling biometrics access.
  • Boost your organization's security. If you're looking to protect your workforce, experts suggest implementing a mobile device management (MDM) system while investing in security awareness training to educate employees against online risks.
Chiara Castro
Senior Staff Writer
