Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits
Google's Threat Analysis Group on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day flaws, four in Chrome and one in Android, to target Android users.
"The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem," TAG researchers Clement Lecigne and Christian Resell said.
Cytrox is alleged to have packaged the exploits and sold them to different government-backed actors located in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, who, in turn, weaponized the bugs in at least three different campaigns.
The list of the five exploited zero-day flaws in Chrome and Android is below -.
The ultimate goal of the operation, the researchers assessed, was to distribute a malware dubbed Alien, which acts as a precursor for loading Predator onto infected Android devices.
The third campaign - a full Android 0-day exploit - was detected in October 2021 on an up-to-date Samsung phone running the then-latest version of Chrome.
News URL
https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html