Google’s Threat Analysis Group (TAG), which is constantly looking out for vulnerabilities and threats across devices and software, has cautioned against a powerful spyware called ‘Predator’ that is using a zero-day vulnerability to attack Android and Chrome users.
In its latest blog post, TAG has warned that a total of five vulnerabilities — four in the Chrome web browser and one in the Android operating system — are being exploited by attackers to deliver Predator spyware to victims. This spyware is not only good at hiding apps, it is also capable of recording audio and, of course, spying on the victim.
Before we talk at length about the Predator spyware, let’s first understand what a zero-day vulnerability is.
What is a zero-day bug?
Zero-day vulnerabilities are unknown flaws in devices and software that malicious actors can exploit to attack victims until a software patch is rolled out to fix them. Once a software update is released, the vulnerability can no longer be exploited by the attackers.
What is Predator spyware?
Predator is spyware developed by Cytrox, a company based in North Macedonia. It is capable of recording audio, adding CA certificates, and hiding apps. According to an analysis by TAG and Citizen Lab, Cytrox sold its spyware to government-backed actors in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.
How does Predator work?
Predator spyware works by delivering one-time links that mimic URL shortener services to targeted Android users via email. Once clicked, the link redirects the target to an attacker-owned domain that delivers the exploits before redirecting the browser to a legitimate website. If the link is not active, the user is redirected directly to a legitimate website.
“We assess that these campaigns delivered ALIEN, a simple Android malware in charge of loading PREDATOR,” TAG wrote in a blog post.
“TAG continues to track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors,” Google added in the blog post.
Who is Predator spyware targeting?
As far as victims are concerned, the Threat Analysis Group said in its report that ‘the number of targets was in the tens of users.’ So far the Predator spyware has been used to target journalists and other unidentified targets. The company also said that it has alerted those users when possible.
How can I protect myself?
Google has already issued a software patch to all Chrome and Android users. To protect yourself from falling prey to this spyware, all you need to do is update Android and Chrome to the latest available version.