Predator spyware sold with Chrome, Android zero-day exploits to monitor targets

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group.
Based on Citizen Lab's analysis of Predator spyware, Google's bug hunters believe that the buyers of these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, Indonesia, and possibly other countries.
"Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits," the researchers wrote, adding that seven of the nine zero-day exploits that TAG discovered last year were developed by commercial vendors and sold to government-backed operators.
While NSO Group, with its Pegasus spyware, is perhaps the most notorious of these commercial providers, we're told that TAG is tracking more than 30 such software providers that possess "varying levels of sophistication." All of them are selling exploits or surveillance malware to governments for supposedly legitimate purposes.
The security researchers surmise that the attackers didn't have exploits for the then-current version of Chrome and instead used n-day exploits against Samsung Browser, which was running an older version of Chromium.
TAG analyzed one other campaign, a full Android exploit chain, targeting an up-to-date Samsung phone running the latest version of Chrome.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/24/predator_spyware_zero_days/