NSO Group and its powerful Pegasus malware have dominated discussions about commercial spyware vendors that sell their hacking tools to governments, but researchers and technology companies are increasingly sounding the alarm about activity in the wider surveillance-for-hire industry. As part of that effort, Google’s Threat Analysis Group (TAG) on Thursday released details of three campaigns that used the popular Predator spyware, developed by North Macedonian firm Cytrox, to target Android users.

In line with findings on Cytrox published in December by researchers at Toronto’s Citizen Lab, TAG saw evidence that the state-sponsored actors who bought the Android exploits were in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Spain, and Indonesia. And there could be other customers. The hacking tools took advantage of five previously unknown Android vulnerabilities, as well as known bugs for which fixes were available but which victims had not applied.

“It’s important to shed light on the ecosystem of surveillance providers and how these exploits are sold,” says Google TAG Director Shane Huntley. “We want to reduce the ability of both suppliers and governments and other entities that buy their products to throw these dangerous zero days at no cost. If there is no regulation and downside to using these opportunities, you will see it more and more often.”

The commercial spyware industry has given governments that lack the resources or expertise to develop their own hacking tools access to a wide range of surveillance products and services. This allows repressive regimes and law enforcement agencies to acquire more tools to monitor dissidents, human rights defenders, journalists, political opponents and ordinary citizens. And while much of the focus has been on spyware targeting Apple’s iOS, Android is the dominant operating system worldwide and is facing similar exploitation attempts.

“We just want to protect users and find that activity as soon as possible,” Huntley says. “We don’t think we can find everything all the time, but we can slow down these actors.”

TAG says it currently tracks more than 30 surveillance-for-hire vendors that have different levels of public presence and offer a variety of exploits and surveillance tools. In the three Predator campaigns reviewed by TAG, attackers emailed Android users one-time links that looked as if they had been shortened with a standard URL shortener. The attacks were targeted, focusing on only a few dozen potential victims. When a target clicked on a malicious link, they were taken to a malicious page that automatically began deploying exploits before quickly redirecting them to a legitimate website. From this malicious page, the attackers deployed “Alien,” Android malware designed to load Cytrox’s full spyware tool, Predator.

As with iOS, such attacks on Android require exploiting a series of operating system vulnerabilities in sequence. By deploying fixes, operating system vendors can break these attack chains, sending spyware vendors back to the drawing board to develop new or modified exploits. But while this makes things harder for attackers, the commercial spyware industry can still thrive.

“We can’t ignore the fact that the NSO Group or any of these vendors are just part of a larger ecosystem,” says John Scott-Railton, senior researcher at Citizen Lab. “We need cooperation between the platforms so that law enforcement and mitigation measures cover the full extent of what these commercial players are doing and make it difficult for them to continue.”
