The ‘Predator’ spy program, used to spy on politicians and journalists, is in use in Colombia, The New York Times reported this Thursday.
The US paper cites Meta, as well as Citizen Lab, a cyber security laboratory at the University of Toronto, which detected the use of ‘Predator’ in “Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, Serbia, Colombia, the Ivory Coast, Vietnam, the Philippines and Germany”.
The use of the program in those countries was determined “through Internet scans for servers known to be associated with spyware,” the article said.
In May this year, Google’s Threat Analysis Group (TAG) warned that the ‘Alien’ and ‘Predator’ spyware was developed by a company called Cytrox, based in the city of Skopje, in North Macedonia, in the Balkans.
Based on what has been learned so far, Cytrox is selling access to security flaws that its spyware exploits.
Last November, the Greek government faced a serious scandal when it admitted that ‘Predator’ was being used in that country to spy on politicians and journalists, although it denied that government agencies were involved. Mobile phones of 33 Greek public leaders, including ministers, were reportedly spied on by ‘Predator’.
In the investigation, Google found that Android users were being spied on after receiving “unique links that were shortened and sent via email”.
“Once clicked, the link redirected the target to an attacker-owned domain that provided the vulnerabilities before redirecting the browser to a legitimate website,” Google noted.
‘Predator’ records audio and hides posts after invading mobile phones.
“Once on your phone, Predator can access all your messages, calls, photos and passwords and has the ability to hide apps it doesn’t want you to access. Predator can add a certificate authority (CA) to your phone, tricking your device into trusting malicious apps and websites. It can also open the phone’s camera and microphone and turn it into a surveillance tool,” an ExpressVPN report dated November 30 indicates.
On May 19, Google added: “We’ve seen this technique used against journalists and other unidentified targets, and we’ve warned those users where possible. We judge that these campaigns delivered ALIEN, a simple Android malware responsible for loading PREDATOR, an Android implant described by Citizen Lab in December 2021. ALIEN resides within various privileged processes and receives commands from PREDATOR over IPC. These commands lock audio, add CA certificates, and hide applications.”
Citizen Lab referred to Cytrox in a report as part of Intellexa, a competitor of NSO Group, the Israeli technology company that developed the Pegasus spyware, which enables remote surveillance of cellphones. Cytrox, according to Citizen Lab, says it is “EU-based and regulated, with six R&D sites and laboratories across Europe.”