Google has warned users aboutPredator , new spyware being used bystate-backed attackers .- The spyware has been developed by
Cytrox , a company based in North Macedonia. - Here’s everything you need to know about the
Predator spyware .
The TAG in its latest $4 has highlighted a spyware dubbed as Predator, which was installed by state-backed attackers in three separate campaigns by exploiting five zero-day vulnerabilities.
Before we understand how the Predator spyware works, it is important to understand what a zero-day vulnerability is.
A zero-day vulnerability is a vulnerability that has been disclosed but it is not yet patched. An attack that exploits zero-day vulnerability is known as a zero-day exploit.
Google has claimed that Predator is relatively new spyware and has been created by surveillance company Cytrox, which is based in Skopje, North Macedonia.
Google has revealed that Predator spyware has been purchased by countries like Egypt, Armenia, Greece, Madagascar, Spain, and Indonesia among others.
According to Google, the attackers delivered one-time links similar to URLs created by URL shortener services via email. Once the user clicks on the link, they are directed to an attacker-owned website that delivers the exploit and then redirects the user to a legitimate website.
When the user is directed to the attacker’s website, an Android malware dubbed ALIEN is installed on their device. The malware then loads Predator on the device. The spyware is capable of recording audio, hiding apps and adding CA certificates.
Google has pointed out that similar techniques have been used in the past against journalists and other victims.
SEE ALSO:
$4
$4
$4