Researchers at Google's Threat Analysis Group (TAG) recently warned about the powerful Predator spyware that is targeting Android devices worldwide. As part of an ongoing effort to make Android smartphones more secure, Google's TAG investigates zero-day vulnerabilities that could be exploited by cybercriminals and other threat actors. These vulnerabilities pose a serious threat because they have only just been exposed; Google has issued patches to fix them.
What is Predator Spyware?
A recent report by the tech giant states that Predator spyware was created by a commercial company. Google suspects that the spyware was created by a company called Cytrox, which is headquartered in Skopje, North Macedonia. This malicious spyware is capable of recording audio, adding CA certificates and even hiding apps. Predator spyware was sold to government-backed threat actors in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, where it was secretly used to spy on high-value targets such as political rivals, journalists, and other outspoken critics of their respective governments.
How did Google’s TAG discover this spyware?
In a new blog post, TAG highlights three separate campaigns that took place between August and October 2021. In these campaigns, state-backed attackers used five different zero-day vulnerabilities to install Predator spyware on fully updated Android devices.
How Do Alien and Predator Spyware Work?
Cytrox uses email to distribute this spyware: victims receive a message containing a one-time link that mimics a URL shortener service. Once they click the link, victims are redirected to a domain owned by the attacker. This domain delivers a simple Android malware called ALIEN before redirecting the browser to a legitimate website.
The Alien Android malware, which infects the targeted device first, is responsible for loading the Predator spyware. Alien receives commands from Predator that allow the spyware to record audio, add CA certificates, and even hide apps on the user's device.
Who is Predator Spyware used against?
Spyware such as Predator and Pegasus is not used like traditional malware. It is used against high-value targets like journalists and politicians. For example, the number of targeted users in the campaigns Google described was in the tens, unlike Emotet and WannaCry, where thousands or millions of users were affected. However, it is important to be aware of spyware and take the necessary steps to avoid falling prey to it. Attackers can use this spyware to track your online activity across the web and build a profile of you.
What are zero-day vulnerabilities and why do attackers often use them?
Zero-day vulnerabilities offer a wide attack surface, so cybercriminals and other threat actors prefer to use them in their attacks. Generally, vulnerabilities are less harmful once a patch is released for them. However, they may still expose users who have not updated their systems or software. In the case of zero-day vulnerabilities, a patch remains to be written and distributed, so attacks that use them are much more likely to succeed.
Even if users keep their systems and software up to date, they can be the target of zero-day attacks. That is why Google's TAG and other cybersecurity experts are constantly on the lookout for new zero-day vulnerabilities that could be exploited by attackers. This constant search allows vendors to be alerted before these vulnerabilities are discovered by cybercriminals, so that they can create a patch to fix them as soon as possible.