Predator spyware

New Predator Spyware Lets Government Hackers Break Into Chrome And Android.

Google said Monday that a private surveillance firm sold access to five serious vulnerabilities in Chrome and Android to government-backed hackers last year. Those customers then deployed Cytrox's "Predator" spyware through the exploits. If your Android phone or Chrome browser is not kept up to date, it is exposed to exactly this kind of state-sponsored attack.

Cytrox, a little-known North Macedonian company, is accused of selling access to four zero-day vulnerabilities in the Chrome browser and one in the Android operating system. Its clients included government-linked "threat actors" in several countries, who used the exploits to run hacking campaigns that installed Cytrox's invasive spyware, "Predator".
Google's Threat Analysis Group (TAG) announced the findings in a blog post, saying it believes the government-backed buyers of these exploits are operating in at least Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain and Indonesia, which is consistent with earlier findings by Citizen Lab.

[Image: Predator spyware. Source: tosshub.com]

Cytrox's exploits used both zero-day vulnerabilities (ones for which no patch existed yet) and n-day vulnerabilities (ones Google had already patched). N-day exploits keep working because many users do not promptly update their devices.
Commercial surveillance vendors like Cytrox were behind a large share of the zero-day exploits Google discovered last year. Pegasus, anyone? Yes, the same tool that governments around the world have used to spy on journalists, public figures and members of opposition parties. It was created by the Israeli NSO Group and is reported to have been used by the Indian government.

How the hacking took place:

Android users were targeted with one-time, shortened URLs delivered by email. "Once the target clicked the link, the browser was transferred to an attacker-owned domain that delivered the attacks before redirecting to a legitimate website," Google wrote.
The first campaign was observed in August 2021 on a Samsung Galaxy S21 running an out-of-date version of Chrome. The exploit chain used known Chrome flaws to open URLs without the user's knowledge. This was only one of several campaigns.
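The delivery chain Google describes (shortened link, then an attacker-owned host that serves the exploit, then a bounce to a legitimate site) leaves a recognisable footprint in web-proxy logs. The script below is an added example, not code from Google or from this article: it walks constructed proxy log lines, groups them per client, and flags any sequence where a known URL shortener redirects to a host that is neither a shortener nor on an allowlist, and that host then redirects the same client to an allowlisted site within a short window. The log format, the shortener list, the allowlist, the time window and every hostname in the sample are assumptions made for the example.

```python
"""Flag shortener -> unknown host -> legitimate site redirect chains in proxy logs.

Added example: the log format, host lists and sample lines are constructed
for illustration and are not from Google's report or this article.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumed proxy log format, one request per line:
# <ISO-8601 timestamp> <client ip> <requested URL> <HTTP status> <Location header or '-'>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<url>\S+) (?P<status>\d{3}) (?P<location>\S+)$"
)

# Assumption: URL shorteners that routinely appear in mail to this user population.
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com"}
# Assumption: sites users legitimately land on; the exploit host is not among them.
KNOWN_GOOD_HOSTS = {"news.example.com", "www.example.org"}
# Assumption: the whole chain completes within this window for one client.
MAX_CHAIN_WINDOW = timedelta(seconds=30)


def parse_line(line):
    """Turn one log line into a record, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"].replace("Z", "+00:00")),
        "client": d["client"],
        "url": d["url"],
        "host": urlparse(d["url"]).hostname,
        "status": int(d["status"]),
        "location": None if d["location"] == "-" else d["location"],
    }


def is_redirect(rec):
    return 300 <= rec["status"] < 400 and rec["location"] is not None


def find_chains(lines):
    """Return (client, shortener_url, intermediary_host, final_host) for each match."""
    by_client = {}
    for rec in filter(None, map(parse_line, lines)):
        by_client.setdefault(rec["client"], []).append(rec)

    hits = []
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(recs):
            # Step 1: a redirect served by a shortener.
            if first["host"] not in SHORTENER_HOSTS or not is_redirect(first):
                continue
            hop = urlparse(first["location"]).hostname
            # Step 2: the shortener sends the client somewhere we do not recognise.
            if hop is None or hop in KNOWN_GOOD_HOSTS or hop in SHORTENER_HOSTS:
                continue
            # Step 3: shortly afterwards that host bounces the client to a known-good site.
            for later in recs[i + 1:]:
                if later["ts"] - first["ts"] > MAX_CHAIN_WINDOW:
                    break
                if later["host"] == hop and is_redirect(later):
                    final = urlparse(later["location"]).hostname
                    if final in KNOWN_GOOD_HOSTS:
                        hits.append((client, first["url"], hop, final))
                        break
    return hits


# Constructed sample log: the first client follows the suspicious chain, the
# second follows a shortener straight to an allowlisted site and is not flagged.
SAMPLE_LOG = """\
2021-08-12T09:14:02Z 10.0.0.5 https://bit.ly/3AbCdEf 302 https://cdn-update.example.net/a1
2021-08-12T09:14:03Z 10.0.0.5 https://cdn-update.example.net/a1 200 -
2021-08-12T09:14:07Z 10.0.0.5 https://cdn-update.example.net/a1 302 https://news.example.com/story/123
2021-08-12T09:14:08Z 10.0.0.5 https://news.example.com/story/123 200 -
2021-08-12T09:20:00Z 10.0.0.9 https://bit.ly/3ZzZzZz 301 https://www.example.org/post
2021-08-12T09:20:01Z 10.0.0.9 https://www.example.org/post 200 -
""".splitlines()

if __name__ == "__main__":
    for client, short_url, hop, final in find_chains(SAMPLE_LOG):
        print(f"{client}: {short_url} -> {hop} -> {final}")
```

The intermediary host in a real campaign is typically new, rarely visited and serves each link only once, so the hit list is best joined with domain-age and per-host request-count data before anyone is paged; the heuristic above is a starting point for that triage, not a verdict.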

What makes Cytrox notable is its business model: it sells access to the exploits together with the spyware those exploits deliver. According to Google, the zero-day exploits were used alongside n-day exploits because Cytrox took advantage of the gap between a bug being fixed upstream (sometimes before it was even recognised as a security issue) and that fix actually reaching devices across the Android ecosystem.
In other words, the surveillance firm's customers could compromise anyone whose device had not been fully updated. Google had shipped the fixes, but users and device makers were slow to roll them out. Google said that its findings highlight the extent to which commercial surveillance vendors have proliferated capabilities that were previously only employed by governments with the technical expertise to design and operationalize exploits.
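The practical consequence of that n-day window is that a fleet owner needs to know which devices are still running a Chrome build or Android security patch level that predates the fixes. The script below is an added example, not code from Google or from this article: it reads constructed inventory lines of the form that `adb shell getprop ro.build.version.security_patch` and the `versionName` line of `adb shell dumpsys package com.android.chrome` would give you, and lists the devices still inside the window. The minimum Chrome version, the tolerated patch age, the serial numbers and the audit date are all assumptions for the example and should be replaced with the versions named in the relevant security bulletins.

```python
"""Report Android devices still exposed to already-fixed Chrome and platform bugs.

Added example: thresholds, serials and version strings are constructed for
illustration; take the real fix versions from the Chrome and Android bulletins.
"""
from datetime import date

# Assumption: the first Chrome release carrying the fix we care about.
MIN_CHROME = (94, 0, 4606, 0)
# Assumption: how stale a security patch level the fleet policy tolerates.
MAX_PATCH_AGE_DAYS = 30

# Constructed inventory, one device per line:
# <serial> <ro.build.version.security_patch> <Chrome versionName>
INVENTORY = """\
R58M12ABCDE 2021-06-01 91.0.4472.164
R58M12FGHIJ 2021-09-01 94.0.4606.61
R58M12KLMNO 2021-09-01 93.0.4577.82
R58M12PQRST 2021-07-01 94.0.4606.61
""".splitlines()


def parse_version(version):
    """'94.0.4606.61' -> (94, 0, 4606, 61) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.strip().split("."))


def audit(lines, today):
    """Return [(serial, [reason, ...])] for every device that fails a check."""
    exposed = []
    for line in lines:
        serial, patch_level, chrome = line.split()
        reasons = []

        patch_age = (today - date.fromisoformat(patch_level)).days
        if patch_age > MAX_PATCH_AGE_DAYS:
            reasons.append(f"security patch level {patch_level} is {patch_age} days old")

        if parse_version(chrome) < MIN_CHROME:
            wanted = ".".join(str(x) for x in MIN_CHROME)
            reasons.append(f"Chrome {chrome} is older than the fixed build {wanted}")

        if reasons:
            exposed.append((serial, reasons))
    return exposed


if __name__ == "__main__":
    # Fixed audit date so the output is reproducible; use date.today() in practice.
    for serial, reasons in audit(INVENTORY, date(2021, 10, 1)):
        print(serial)
        for reason in reasons:
            print(f"  - {reason}")
```

Note that a device can be exposed for either reason independently: a current Chrome build does not help against the Android zero-day, and a fresh security patch level does not help against an outdated browser, which is why the two checks are kept separate in the report.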

Google stated that its Android and Chrome teams responded quickly and patched the vulnerabilities. Cytrox appears to be comparable to NSO Group, which produces Pegasus, probably the best-known commercial spyware, and sells it to governments for surveillance of targeted devices.
In recent years, hacking scandals involving the private surveillance industry have sparked much debate. This is bad news for companies that must secure products used by hundreds of millions of people. Cytrox is making life difficult for the security teams at Google, Apple and Microsoft, and it doesn't look like they'll be getting a break anytime soon.