Security News > 2022 > May > Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits
Google's Threat Analysis Group on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day flaws, four in Chrome and one in Android, to target Android users.
"The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem," TAG researchers Clement Lecigne and Christian Resell said.
Cytrox is alleged to have packaged the exploits and sold them to different government-backed actors located in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, who, in turn, weaponized the bugs in at least three different campaigns.
The list of the five exploited zero-day flaws in Chrome and Android is below -.
The ultimate goal of the operation, the researchers assessed, was to distribute a malware dubbed Alien, which acts as a precursor for loading Predator onto infected Android devices.
The third campaign - a full Android 0-day exploit - was detected in October 2021 on an up-to-date Samsung phone running the then latest version of Chrome.
News URL
https://thehackernews.com/2022/05/cytroxs-predator-spyware-target-android.html
Related news
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- 'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan (source)
- Exploit code for Palo Alto Networks zero-day now public (source)
- SoumniBot malware exploits Android bugs to evade detection (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)