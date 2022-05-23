

Google’s Threat Analysis Group reveals how commercial spyware was used to hack into Android

Once a targeted Android user clicked a link, they would be redirected to an attacker-owned domain that would deliver the exploits before redirecting to a legitimate website.

By: Tech Desk | Thalassery |
May 23, 2022 10:35:55 am
Google's Threat Analysis Group concluded with high confidence that the latest discovered exploits were packaged by Cytrox and sold to different government-backed actors. (File photo)

Google’s Threat Analysis Group (TAG) has discovered three government-backed hacking campaigns that used the Predator spyware suite developed by the commercial surveillance firm Cytrox. The attackers chained exploits for five previously unknown (zero-day) vulnerabilities in Chrome and Android with exploits for bugs that had already been fixed upstream but were still unpatched on the victims’ devices. The attacks were similar to those conducted with the infamous Pegasus spyware from NSO Group.

A zero-day is a vulnerability that is not yet known to the developers of the affected software, so no patch exists for it. A zero-day attack exploits such a vulnerability to gain unauthorised access to a system. Google’s Project Zero researchers had earlier reported a sharp uptick in the number of zero-day exploits detected in the wild in 2021.

TAG has concluded with high confidence that the newly discovered exploits were packaged by Cytrox and sold to different government-backed actors, who used them in at least three campaigns. The group assesses that the government-backed actors purchasing these exploits operate in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.


The actors combined these zero-day exploits with exploits for already-known vulnerabilities (so-called n-days), taking advantage of the patch gap: the time between a critical bug being fixed upstream and that fix actually reaching every device across the Android ecosystem.


According to TAG, these findings emphasise how commercial surveillance vendors have built capabilities that were historically only used by governments with the technical expertise to develop and operate such exploits. The proliferation of such commercial surveillance companies means that these capabilities are now available for any government that can buy them.

All three campaigns delivered one-time links mimicking URL shortener services to targeted Android users by email. Once a user clicked a link, they were redirected to an attacker-owned domain that delivered the exploits before redirecting them to a legitimate website.

If the link was no longer active, the user was sent directly to a legitimate website, so the target saw nothing unusual. Google saw these techniques used against journalists and other unidentified targets, whom the company alerted whenever possible.
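The redirect chain described above can be recognised in proxy or sandbox logs. The following Python snippet is an added example for readers who want to triage such chains; it is not code from this article or from Google TAG, and the shortener list, the lookalike heuristics and the sample chains in it are constructed assumptions, not real indicators.

```python
"""Triage captured redirect chains for the one-time-link pattern described in the article.

Added example, not code from the article or from Google TAG. The shortener list,
the lookalike heuristics and the sample chains below are assumptions constructed
for illustration.
"""
from __future__ import annotations

from urllib.parse import urlparse

# Real shortener hostnames a lookalike domain might imitate (illustrative, not exhaustive).
KNOWN_SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "cutt.ly"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _compact(host: str) -> str:
    """Drop dots and hyphens so 'bit-ly.co' and 'bit.ly' compare as 'bitlyco' / 'bitly'."""
    return host.lower().replace(".", "").replace("-", "")


def is_shortener_lookalike(host: str, max_distance: int = 2) -> bool:
    """True if host is not a real shortener but looks like one.

    Two heuristics (assumed, tune for your environment): a small edit distance to a
    known shortener, or the shortener's name embedded in the host once dots and
    hyphens are removed (only for names long enough to avoid chance matches).
    """
    host = host.lower()
    if host in KNOWN_SHORTENERS:
        return False
    for known in KNOWN_SHORTENERS:
        if levenshtein(host, known) <= max_distance:
            return True
        if len(_compact(known)) >= 5 and _compact(known) in _compact(host):
            return True
    return False


def classify_chain(chain: list[str]) -> str:
    """Classify an ordered list of URLs observed from the click to the final landing page.

    Verdicts:
      exploit-delivery-pattern : lookalike shortener -> other attacker-controlled host(s) -> legitimate site
      inactive-link-pattern    : lookalike shortener -> legitimate site directly (one-time link already burned)
      no-lookalike             : first hop is a real shortener or an unrelated host
      too-short                : fewer than two hops, nothing to judge
    """
    hosts = [urlparse(u).hostname or "" for u in chain]
    if len(hosts) < 2:
        return "too-short"
    first, last = hosts[0], hosts[-1]
    if not is_shortener_lookalike(first):
        return "no-lookalike"
    intermediates = {h for h in hosts[1:-1] if h not in (first, last)}
    return "exploit-delivery-pattern" if intermediates else "inactive-link-pattern"


# Constructed sample chains (not real indicators) in the shape a proxy or sandbox would record.
SAMPLE_CHAINS = {
    "active": ["https://bit-ly.co/7xq", "https://cdn-sync.example.net/load", "https://www.example.com/news"],
    "burned": ["https://bit-ly.co/7xq", "https://www.example.com/news"],
    "legit": ["https://bit.ly/3abcxyz", "https://www.example.com/news"],
}


def triage_all(chains: dict[str, list[str]] = SAMPLE_CHAINS) -> dict[str, str]:
    """Run classify_chain over every captured chain and return name -> verdict."""
    return {name: classify_chain(chain) for name, chain in chains.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:7s} -> {verdict}")
```

Treat the verdict as a triage signal rather than proof: lookalike heuristics produce false positives, and because the links were one-time, re-fetching a reported URL from an analyst machine will usually only reproduce the burned-link chain, so the chain captured at the original click is the one worth preserving.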

These campaigns delivered an Android malware called ALIEN, an implant that lives inside multiple privileged processes on the device and loads and receives commands from PREDATOR, the main Android implant. Those commands included recording audio, adding CA certificates and hiding apps.

© IE Online Media Services Pvt Ltd