'Predator' spyware used by foreign hackers to attack Android and Chrome users

Google has revealed that government-backed hackers are using shady spyware to attack its users.

Last week, researchers from Google’s Threat Analysis Group published details of three campaigns that used spyware called ‘Predator’ to target Android users.

According to the report, Cytrox, a private firm based in North Macedonia, allegedly sold access to four ‘zero-day’ security flaws to government-affiliated hackers.

The security flaws included three in the Chrome browser as well as one in the Android operating system.

Google said that the clients who bought this information were government-linked ‘threat actors’ in multiple foreign countries. These actors likely used the information to conduct hacking campaigns with the invasive spyware ‘Predator’, developed by Cytrox.

‘We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns discussed below,’ said researchers with Google’s Threat Analysis Group (TAG) in a blog post.

TAG researchers said that it was likely that the government-backed actors purchasing these exploits were operating in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.

Google’s TAG team also said that a majority of the zero-day vulnerabilities they discovered last year were intentionally ‘developed’ by private surveillance firms like Cytrox.

What are ‘zero-day’ security flaws?

Zero-day vulnerabilities are unknown software flaws. Until they’re identified and fixed by the developers, they can be exploited by attackers.

Google’s Threat Analysis Group (TAG) actively hunts for these types of vulnerabilities because they can be particularly dangerous when exploited and have a high rate of success.

‘Seven of the nine 0-days TAG discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors,’ said the researchers.

‘TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.’

Cytrox is also said to have given its clients access to a number of ‘n-day’ vulnerabilities, which were used to target users who had not updated their devices or applications.

Last year, Cytrox was banned on Facebook for spying on tens of thousands of Instagram and Facebook users.
