Predator: The Pegasus-Kind Spyware
While NSO Group’s ‘Pegasus’ spyware was in the headlines, other groups quietly sold equally powerful spyware. A report detailing spyware called ‘Predator’ was released after researchers found it on an iPhone that had also been infected with NSO Group’s Pegasus.
An exiled Egyptian politician named Ayman Nour became suspicious because his phone was “running hot.” Researchers found Nour’s phone was infected with Pegasus and also identified other spyware, which researchers determined was Predator. They also connected Predator to Cytrox, based in North Macedonia.
Both phones were iPhones running iOS 14.6, the latest version at the time of the hacks, which suggests that Predator exploited a never-before-seen vulnerability in the iPhone’s software to infect the phones.
Predator and Pegasus have similar feature sets. Predator was delivered to Nour’s iPhone via a malicious link sent over WhatsApp. When the link was opened, the spyware was able to gain access to the phone’s cameras and microphone, as well as pull data off the phone. Unlike Pegasus, Predator cannot silently infect a phone without user interaction. The spyware relies on user input, like clicking a malicious link, to activate.
Researchers said Predator makes up for that with persistence: the spyware can survive a reboot of an iPhone, which would typically clear out any spyware lurking in the phone’s memory. It does so by creating an automation using the Shortcuts feature built into iOS.
Meta banned Cytrox
Meta banned seven groups including Cytrox from its platforms and said it removed over 1,500 Facebook and Instagram accounts associated with the seven groups. These accounts were used to send malicious links to targets in over 100 countries. The company alerted some 50,000 people it believes were targeted by these groups.
Predator was likely being used by government customers in Armenia, Greece, Serbia, Indonesia, Madagascar, Oman, Egypt and Saudi Arabia. Meta’s investigation also found Predator customers in Vietnam, the Philippines and Germany.