The Predator spyware infected Android smartphones by exploiting a 0-day flaw


Alexander Schmid

May 20, 2022 at 3:50 p.m.


Do you remember Pegasus? Another spyware product, sold to states and targeting Android phones, has reportedly been used to spy on high-profile individuals.

The Threat Analysis Group (TAG) is a specialized Google team that works to counter hacking by government or government-related actors, as well as attacks against Google and its users.

Governments involved

A newly released TAG report states that Android device owners have been targeted by a dangerous spyware known as Predator.

It was developed by the surveillance company Cytrox, based in North Macedonia. The company has reportedly designed a turnkey product that offers a way to exploit five zero-day security vulnerabilities in Chrome and Android. It wants to sell the product to government-backed customers in the following countries: Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain and Indonesia.

At least three campaigns have been carried out with the aim of distributing Predator on Android devices. Each time, the same process was used: a phishing email contained shortened URLs which, once clicked, temporarily redirected the target to a malicious domain. That domain quickly did its job before redirecting the user to a legitimate site so that they would not suspect anything.
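The delivery pattern described above (shortened link, brief stop on an intermediate domain, hand-off to an unrelated legitimate site) can be hunted for in web proxy logs. The following is an added example, not code from the TAG report or from this article; the log fields, the shortener host `short.example`, the 5-second dwell threshold and all sample records are constructed assumptions, and the input is assumed to contain top-level navigations only.

```python
from urllib.parse import urlsplit

SHORTENERS = {"short.example"}   # assumed shortener hosts (placeholder)
MAX_DWELL_S = 5.0                # assumed threshold for a "quick" hand-off

def host(url):
    return (urlsplit(url or "").hostname or "").lower()

def find_bounce_chains(events, shorteners=SHORTENERS, max_dwell=MAX_DWELL_S):
    """Return (client, intermediate, final, dwell_s) for shortener -> intermediate
    -> other-host chains where the client left the intermediate within max_dwell s."""
    by_client = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_client.setdefault(ev["client"], []).append(ev)
    findings = []
    for client, evs in by_client.items():
        for i, first in enumerate(evs):
            mid = host(first["location"])
            if not (host(first["url"]) in shorteners and 300 <= first["status"] < 400 and mid):
                continue
            later = evs[i + 1:]
            arrive = next((e["ts"] for e in later if host(e["url"]) == mid), None)
            if arrive is None:
                continue
            for e in later:
                # Hand-off: a 3xx served by mid, or a navigation with mid as referer.
                if host(e["url"]) == mid and 300 <= e["status"] < 400:
                    dest = host(e["location"])
                elif host(e["referer"]) == mid:
                    dest = host(e["url"])
                else:
                    continue
                if dest and dest != mid and 0 <= e["ts"] - arrive <= max_dwell:
                    findings.append((client, mid, dest, round(e["ts"] - arrive, 2)))
                    break
    return findings

FIELDS = ("ts", "client", "url", "status", "location", "referer")
SAMPLE = [dict(zip(FIELDS, row)) for row in [   # constructed log records
    (100.0, "10.0.0.5", "https://short.example/a1", 302, "https://landing.example.net/x", None),
    (100.5, "10.0.0.5", "https://landing.example.net/x", 200, None, None),
    (102.0, "10.0.0.5", "https://news.example.org/story", 200, None, "https://landing.example.net/x"),
    (200.0, "10.0.0.9", "https://short.example/b2", 302, "https://docs.example.com/guide", None),
    (200.5, "10.0.0.9", "https://docs.example.com/guide", 200, None, None),
    (260.0, "10.0.0.9", "https://docs.example.com/page2", 200, None, "https://docs.example.com/guide"),
]]
print(find_bounce_chains(SAMPLE))
```

A hit is only a lead for triage: benign link tracking also bounces through an intermediate host, so weigh findings against the age and reputation of that host.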

Pegasus, Predator… Who will be the next big spyware?

The operation allows the hackers to install the Alien malware on the affected device. Alien then lets them remotely load the Predator spyware onto the phone. It is capable of making audio recordings, generating certificate authorities and concealing malicious applications so that they become undetectable.

The three campaigns took place between August and October 2021. The first two exploited security flaws in the Chrome browser, and the last directly exploited a zero-day vulnerability in the Android kernel.

The campaigns were highly targeted and specifically aimed at persons of interest. Google estimates that, for each campaign, only a few dozen individuals were targeted by these espionage attempts.

After Pegasus, it seems that the trend of spyware being purchased by bodies close to governments is not about to end.


Source: The Hacker News


