Security News > 2022 > May > Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits

Google's Threat Analysis Group on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day flaws, four in Chrome and one in Android, to target Android users.

"The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem," TAG researchers Clement Lecigne and Christian Resell said.

Cytrox is alleged to have packaged the exploits and sold them to different government-backed actors located in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, who, in turn, weaponized the bugs in at least three different campaigns.

The list of the five exploited zero-day flaws in Chrome and Android is below -.

The ultimate goal of the operation, the researchers assessed, was to distribute a malware dubbed Alien, which acts as a precursor for loading Predator onto infected Android devices.

The third campaign - a full Android 0-day exploit - was detected in October 2021 on an up-to-date Samsung phone running the then latest version of Chrome.

News URL

https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html