Security News > 2023 > May > Predator: Looking under the hood of Intellexa’s Android spyware
Security researchers at Cisco Talos and the Citizen Lab have presented a new technical analysis of the commercial Android spyware 'Predator' and its loader 'Alien,' sharing its data-theft capabilities and other operational details.
Predator is a commercial spyware for mobile platforms developed and sold by Israeli company Intellexa.
In May 2022, Google TAG revealed five Android zero-day vulnerabilities that the Predator spyware chained to perform shellcode execution to drop Predator's loader 'Alien' on a targeted device.
The Alien loader is injected into a core Android process named 'zygote64' and then downloads and activates additional spyware components based on a hard-coded configuration.
Alien continues to operate on the device, facilitating discreet communications between the spyware's components by hiding them within legitimate system processes and receiving commands from Predator to execute while bypassing Android security.
Since neither could be retrieved from infected devices, parts of Intellexa's Predator spyware remain uncharted.