Security News > 2023 > May > Alien versus Predator? No, this Android spyware works together
The Android Predator spyware has more surveillance capabilities than previously suspected, according to analysis by Cisco Talos, with an assist from non-profit Citizen Lab in Canada.
The software, which is designed to spy on and extract data from the devices it's slipped into, is available for Google Android and Apple iOS. In its deep dive published on Thursday, which examines the Android version of the code, Talos suggests Alien is more than just a loader for a Predator, and that the two work in combination to enable all kinds of espionage and intelligence-gathering activities on compromised devices.
Like fellow snoopware Pegasus, which needs zero user interaction to infect victims' devices, Predator and Alien have been documented exploiting zero-days and other vulnerabilities to infect and take over Android phones.
"Alien is not just a loader but also an executor - its multiple threads will keep reading commands coming from Predator and executing them, providing the spyware with the means to bypass some of the Android framework security features," Talos said.
Predator is an ELF file that uses Python modules and native code to perform its spying activities.
Working with the Alien loader, the spyware also identifies the device manufacturer.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/05/27/predator_analysis_talos/
Related news
- New Android spyware found on phone seized by Russian FSB (source)
- New EagleMsgSpy Android spyware used by Chinese police, researchers say (source)
- Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (source)
- Russian cyberspies target Android users with new spyware (source)
- Russian cyberspies target Android users with new spyware (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)