New malware spies on politicians and journalists’ phones

Following in Pegasus’ footsteps, spyware “Predator” also enables authoritarian governments to spy on individuals.

Although the Israeli company NSO Group has drawn most of the attention on spyware in recent months with its Pegasus spyware, it is obviously not the only one to offer this type of service.

Meta, which runs Facebook, Instagram, and WhatsApp, said it has banned new companies that spy on its users for a fee. The investigation was conducted by Meta and Citizen Lab, a Brussels-based civic technology company. Meta said these companies monitor users in more than 100 countries. These companies operate from 7 different countries, including China, Israel, India and North Macedonia. Their services have reportedly been used by around 20 governments.

After several months of investigation, affected users were notified and the infrastructure of the monitoring companies was completely blocked from Meta’s platforms. About 1,500 accounts have been deleted and web addresses from which malicious spyware was distributed have been blocked. Of course, blocking these companies on social networks will not completely disrupt their activities, but it should make attacks and distribution of malware much more difficult.

Less known, but just as dangerous

Among these companies, the Macedonian company “Cytrox” particularly interested researchers with its spyware “Predator”. Initial reports suggest that tens of thousands of people, including politicians and journalists, have already fallen victim to this spyware. Some victims were also jointly infected by Pegasus and Predator.

Like Pegasus, Predator exploits software vulnerabilities in Android and iOS smartphones to infect the device. It is then possible to monitor an individual, follow their conversations live, and use the cameras or the microphone to spy on them.

Unlike Pegasus, however, Predator is not able to infect its victims “invisibly”. It requires interaction from the victim, such as clicking on a WhatsApp link, for example. However, it compensates for this shortcoming with great persistence.

“It’s important to realize that NSO is just one part of a much larger global cyber-mercenary ecosystem,” the researchers conclude. “Cytrox and its Predator spyware, on the other hand, are relatively unknown. […] This model will persist as long as autocratic governments are able to obtain sophisticated hacking technology. In the absence of international and national regulations and safeguards, journalists, human rights defenders and opposition groups will continue to be hacked in the future.”
