Security News > 2022 > May > Predator spyware sold with Chrome, Android zero-day exploits to monitor targets

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group.

Based on CitizenLab's analysis of Predator spyware, Google's bug hunters believe that the buyers of these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain, Indonesia, and possibly other countries.

"Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits," the researchers wrote, adding that seven of the nine zero-day exploits that TAG discovered last year were developed by commercial vendors and sold to government-backed operators.

While NSO Group and its Pegasus spyware is perhaps the most notorious of these commercial providers, we're told that TAG is tracking more than 30 such software providers that possess "Varying levels of sophistication." All of them are selling exploits or surveillance malware to governments for supposedly legitimate purposes.

The security researchers surmise that the attackers didn't have exploits for the then-current version of Chrome and instead used n-day exploits against Samsung Browser, which was running an older version of Chromium.

TAG analyzed one other campaign, a full Android exploit chain, targeting an up-to-date Samsung phone running the latest version of Chrome.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/24/predator_spyware_zero_days/