Google: Predator spyware infected Android devices using zero-days
In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices.
The government-backed malicious actors who purchased and used these exploits to infect Android targets with spyware are from Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, according to Google's analysis.
"All three campaigns delivered one-time links mimicking URL shortener services to the targeted Android users via email. The campaigns were limited - in each case, we assess the number of targets was in the tens of users," the Google TAG analysts added.
Spyware implant dropped using Android banking trojan.
In these campaigns, the attackers first installed the Android Alien banking trojan, which has RAT functionality and was used to load the Predator Android implant, enabling audio recording, the addition of CA certificates, and the hiding of apps.
As Google TAG researchers revealed, Russian-backed government hackers linked to the Russian Foreign Intelligence Service exploited the Safari zero-day to target iOS devices belonging to government officials from western European countries.