Security News > 2022 > May > Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits
Google's Threat Analysis Group on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day flaws, four in Chrome and one in Android, to target Android users.
"The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem," TAG researchers Clement Lecigne and Christian Resell said.
Cytrox is alleged to have packaged the exploits and sold them to different government-backed actors located in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, who, in turn, weaponized the bugs in at least three different campaigns.
The list of the five exploited zero-day flaws in Chrome and Android is below -.
The ultimate goal of the operation, the researchers assessed, was to distribute a malware dubbed Alien, which acts as a precursor for loading Predator onto infected Android devices.
The third campaign - a full Android 0-day exploit - was detected in October 2021 on an up-to-date Samsung phone running the then latest version of Chrome.
News URL
https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html
Related news
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)