Security News > 2022 > May > Google: Predator spyware infected Android devices using zero-days
In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices.
The government-backed malicious actors who purchased and used these exploits to infect Android targets with spyware are from Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, and Indonesia, according to Google's analysis.
"All three campaigns delivered one-time links mimicking URL shortener services to the targeted Android users via email. The campaigns were limited - in each case, we assess the number of targets was in the tens of users," the Google TAG analysts added.
Spyware implant dropped using Android banking trojan.
In these campaigns, the attackers first installed the Android Alien banking trojan with RAT functionality used to load the Predator Android implant, allowing recording audio, adding CA certificates, and hiding apps.
As Google TAG researchers revealed, Russian-backed government hackers linked to the Russian Foreign Intelligence Service exploited the Safari zero-day to target iOS devices belonging to government officials from western European countries.
News URL
Related news
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
- Google's New Restore Credentials Tool Simplifies App Login After Android Migration (source)
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New Android spyware found on phone seized by Russian FSB (source)
- New EagleMsgSpy Android spyware used by Chinese police, researchers say (source)
- Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (source)
- Russian cyberspies target Android users with new spyware (source)