Security News > 2023 > May > Alien versus Predator? No, this Android spyware works together

The Android Predator spyware has more surveillance capabilities than previously suspected, according to analysis by Cisco Talos, with an assist from non-profit Citizen Lab in Canada.

The software, which is designed to spy on and extract data from the devices it's slipped into, is available for Google Android and Apple iOS. In its deep dive published on Thursday, which examines the Android version of the code, Talos suggests Alien is more than just a loader for a Predator, and that the two work in combination to enable all kinds of espionage and intelligence-gathering activities on compromised devices.

Like fellow snoopware Pegasus, which needs zero user interaction to infect victims' devices, Predator and Alien have been documented exploiting zero-days and other vulnerabilities to infect and take over Android phones.

"Alien is not just a loader but also an executor - its multiple threads will keep reading commands coming from Predator and executing them, providing the spyware with the means to bypass some of the Android framework security features," Talos said.

Predator is an ELF file that uses Python modules and native code to perform its spying activities.

Working with the Alien loader, the spyware also identifies the device manufacturer.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/27/predator_analysis_talos/