Google’s security group has found as many as 5 zero-day vulnerabilities that were used to install spyware called Predator on Android smartphones. The finding comes from Google’s Threat Analysis Group (TAG), which identifies threats posed by different factors. TAG says the Predator spyware was developed by a commercial surveillance company, Cytrox.
Apart from this, TAG also mentions that the attacks took place between August and October last year. The attackers used the zero-day exploits to target Chrome OS and the Android platform, installing the spyware on Android phones that were up to date on their security patches.
The most worrying part is that Cytrox is likely to have sold the spyware to attackers who seem to have the backing of the governments of their respective countries. TAG highlights that the threat actors were from Egypt, Madagascar, Serbia, Spain, and Indonesia, among others.
These are not the names you would associate with spyware intrusions, but Google’s TAG findings suggest the governments in these countries have looked into surveillance of particular individuals. Predator has all the imprints of another spyware that we have heard a lot about in recent times, Pegasus, which was developed by the NSO Group and allegedly bought by governments to spy on targeted people.
The report further explains the mode of attack used to infect devices with the spyware. It is hardly surprising to hear that the attackers send one-time access URLs via email. When the person opens the link, they are taken to a domain owned by the attacker for a few seconds while the spyware is installed, and are then redirected to the original website source.
The TAG team says the spyware wasn’t meant to attack millions of users. They say the targets were tens of users, suggesting a clearly thought-out strategy to attack specific individuals or entities with the spyware for surveillance.