Pegasus 2.0? Governments Using Private Firms To Install 'Predator' Spyware On Android
Google warned that a private surveillance company sold access to several security flaws in Chrome and Android to government-backed hackers.
Google has a dire warning for all Android users.
According to Google, Cytrox, a firm based in North Macedonia, allegedly sold access to four zero-day security flaws in Google Chrome along with one in the Android OS to government-linked "threat actors" in numerous countries. Then, these governments used Cytrox's spyware "Predator" to finish their hacking campaigns.
How were the hacks discovered by Google?
Google's Threat Analysis Group (TAG) made the announcement in a blog post. "Consistent with findings from CitizenLab, we assess likely government-backed actors purchasing these exploits are operating (at least) in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain and Indonesia," Google wrote.
In addition to zero-day flaws (that have not been patched), Cytrox also capitalised on n-day vulnerabilities (ones that have already been patched by Google). This usually happens when users do not update their devices regularly.
A major chunk of the zero-day vulnerabilities that were discovered last year were purposely developed by surveillance firms like Cytrox. Remember Pegasus? Yep, the same tool used by governments all over the world to snoop on journalists, public figures and opposition party members. It was developed by Israel's NSO Group and has allegedly been used by the Indian government as well.
How were users targeted?
Android users were targeted using one-time links that were shortened and sent via email. "Once clicked, the link redirected the target to an attacker-owned domain that delivered the exploits before redirecting the browser to a legitimate website," Google explained.
Using this technique, such campaigns were able to deliver ALIEN, an Android malware that loads PREDATOR, "an Android implant described by CitizenLab in December 2021."
"ALIEN lives inside multiple privileged processes and receives commands from PREDATOR over IPC. These commands include recording audio, adding CA certificates, and hiding apps," Google added.
The first case was seen in August 2021 on a Samsung Galaxy S21 that hadn't been updated. This was done by using existing Chrome vulnerabilities and opening URLs without the user's interaction. And this was just one campaign. Two others have been detailed in Google's post.