Predator The Pegasus Kind Spyware

While NSO Group’s ‘Pegasus‘ spyware in headlines, other groups quietly sold equally powerful spyware. A report on spyware called ‘Predator’ released detailing after finding it on an iPhone that had also been infected with NSO Group’s Pegasus.

Persistent Predator

Predator and Pegasus have similar feature sets and, Predator was delivered to Nour’s iPhone via a malicious link sent over WhatsApp. When the link opened, was able to gain access to the phone’s cameras and microphone, as well as pull data off the phone. Unlike Pegasus, Predator cannot silently infect a phone without user interaction. The spyware relies on user input, like clicking a malicious link, to activate.

Researchers said Predator makes up for that with persistence the spyware can survive a reboot of an iPhone, which would typically clear out any spyware lurking in the phone’s memory. It does so by creating an automation using the Shortcuts feature built into iOS.

Meta banned Cytrox

Meta banned seven groups including Cytrox from its platforms and said it removed over 1,500 Facebook and Instagram accounts associated with the seven groups. These accounts were used to send malicious links to targets in over 100 countries. The company alerted some 50,000 people it believes were targeted by these groups.

Predator was likely being used by government customers in Armenia, Greece, Serbia, Indonesia, Madagascar, Oman, Egypt and Saudia Arabia. Meta’s investigation also found Predator customers in Vietnam, the Philippines and Germany.