Google warns Android smartphones targeted by dangerous Predator spyware

Android
(Image credit: Future)

Android smartphones in a number of countries around the world have been targeted by powerful PREDATOR spyware, researchers from Google’s Threat Analysis Group (TAG) have warned. 

The company’s recent report says that the spyware, allegedly developed by a commercial entity - a company called Cytrox, headquartered in Skopje, North Macedonia - is capable of recording audio, adding CA certificates, and hiding apps.

Cytrox is being distributed via email, with victims receiving a message carrying a one-time link mimicking a URL shortener service. Once clicked, the victim would then be redirected to a domain owned by the attacker, that would deliver simple Android spyware called ALIEN.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

ALIEN and PREDATOR

The target endpoint would then be redirected to a legitimate site, to minimize suspicion. 

ALIEN, which lives inside multiple privileged processes, would then load PREDATOR, and receive further commands from the spyware over IPC, such as audio recording.

This technique, the TAG team says, was seen to be used before against journalists.

In this particular case, while specific targets are not known, the researchers have found the spyware to be used at least by government-backed actors in Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain, and Indonesia.

The findings have once again placed commercial entities, developing “legitimate” spyware, into the limelight. Companies such as the NSO Group have been building powerful malware and selling it to governments around the world, claiming their tools assist law enforcement agencies in the fight against terrorism, and other threats to national security.

However, security firms have found these tools to be used, numerous times, against journalists, political activists, the opposition, whistleblowers, close family members of high-ranking officials, etc. 

This has prompted privacy and human rights activists to demand its termination and in some countries, it worked. NSO Group, and its products, for example, have been banned in the United States. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Spyware
Government-linked Italian spyware maker caught distributing malicious Android apps
 In this photo illustration a Google Play logo seen displayed on a smartphone.
Why is there so much spyware hidden in the Play Store?
Kaspersky Report on Stalkerware
Security flaw in popular stalkerware apps is exposing phone data of millions
Stalkerware
New spyware found to be snooping on thousands of Android and iOS users
mobile phone
Popular Android financial help app is actually dangerous malware
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
Latest in Security
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments