What is Predator spyware and why is Google warning Android smartphone users about it



Researchers from Google's Threat Analysis Group (TAG) have recently warned of powerful Predator spyware that targets Android devices worldwide. Google’s TAG looks for zero-day vulnerabilities that may be exploited by cybercriminals and other threat actors as part of its ongoing efforts to make Android smartphones more secure. These vulnerabilities pose a serious threat as they have just been disclosed and Google has released patches to fix them.

What is Predator Spyware?
Recent reports from the tech giant mention that the Predator spyware is allegedly developed by a commercial entity. Google suspects that this spyware is developed by a company called Cytrox, headquartered in Skopje, North Macedonia. This malicious spyware is capable of recording audio, adding CA certificates and even hiding apps. Predator spyware has been sold to government-backed threat actors in Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain and Indonesia, where it has been used covertly to spy on high-value targets such as political rivals, journalists and other outspoken critics of their respective governments.

How did Google TAG discover this spyware?
In a new blog post, TAG highlighted three separate campaigns that took place between August and October 2021. In these campaigns, state-backed attackers used five different zero-day vulnerabilities to install Predator spyware on fully updated Android devices.

How do ALIEN and PREDATOR spyware work?
Cytrox uses e-mails to distribute this spyware: victims receive a message with a unique link that imitates a URL shortening service. Once they click on the link, victims are redirected to a domain owned by the attacker. This domain delivers a simple Android malware called ALIEN before redirecting their browser to a legitimate website.

ALIEN, the malware that first infects the targeted Android device, is responsible for loading the Predator spyware. ALIEN receives commands from Predator that allow the spyware to record audio, add CA certificates, and even hide apps on a user’s device.

Against whom is Predator spyware used?
Spyware like Predator and Pegasus is not used like traditional malware. It is used against high-value targets such as journalists and politicians. For example, the number of targeted users in the campaigns discussed by Google was several dozen, unlike Emotet and WannaCry, where thousands or millions of users have been affected. Nevertheless, it is important to be aware of spyware and take the necessary steps to avoid falling victim to it. Attackers can use this spyware to track your online activities on the web and create a profile about you.

What are zero-day vulnerabilities and why do attackers often use them?
Zero-day vulnerabilities have a wider attack surface, so cybercriminals and other threat actors prefer to exploit them in their attacks. Usually, vulnerabilities are less harmful once a patch has been released. However, they can still expose users who have not updated their systems or software. In the case of zero-day vulnerabilities, a patch has not yet been written and distributed, so there is a much higher chance that attacks using them will succeed.

Users can still fall victim to a zero-day attack even if they keep their system and software up to date. That’s why Google’s TAG and other cybersecurity experts are constantly on the lookout for new zero-day vulnerabilities that haven’t yet been exploited by attackers. This constant research allows them to alert vendors before these vulnerabilities are discovered by cybercriminals, so that a patch can be created as soon as possible.

