Security News Predator: Looking under the hood of Intellexa’s Android spyware

MuzzMelbourne

Security researchers at Cisco Talos and the Citizen Lab have presented a new technical analysis of the commercial Android spyware 'Predator' and its loader 'Alien,' sharing its data-theft capabilities and other operational details.

Predator is a commercial spyware for mobile platforms (iOS and Android) developed and sold by Israeli company Intellexa.

The spyware family has been linked to surveillance operations targeting journalists, high-profile European politicians, and even Meta executives.

The spyware can record phone calls, collect information from messaging apps, or even hide applications and prevent their execution on infected Android devices.
Jonny Quest

"The spyware can record phone calls, collect information from messaging apps, or even hide applications and prevent their execution on infected Android devices."
Okay, how did this get installed? From the link below, I didn't see whether it was a downloaded app that installed the Predator spyware, an Android update, a download link, or spyware implants... what are those?
How did that happen? @Trident, any ideas?


Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox.

In these attacks, part of three campaigns that started between August and October 2021, the attackers used zero-day exploits targeting Chrome and the Android OS to install Predator spyware implants on fully up-to-date Android devices.

Trident

@Jonny Quest, from the link it looks like links were sent by email. Once clicked, the domain/web page exploited 5 zero-day vulnerabilities (that's quite unusual and impressive as an attack, which suggests the attackers were well funded). Through the exploit the Alien loader was delivered, which further downloaded the necessary components for the spyware and kept them hidden within system processes.

This is a highly commercial spyware similar to the Mercenary that targeted Apple users like journalists and other people of interest.


Jonny Quest

Thank you, buddy, for taking the time to hunt that down and for looking into it for me, as I really didn't catch how it was installed. But I thought the same thing, pretty impressive exploit.

Trident

These spyware products are on sale for high prices, advertised as tools for "surveillance against criminals and terrorists" by organisations such as NSO. It's not their first product and it definitely won't be the last. In the past few years, the ethics and purpose of their spyware have been questioned more than once or twice.


It further demonstrates that if you employ the right people and give them the right incentive, nothing is too secure.

Socalvisit

It is a good read!