Hackers Exploit Android Vulnerabilities
Researchers at Google’s Threat Analysis Group (TAG) have tracked another spyware recently launched by dark web hackers. TAG reported that it has observed several state-sponsored hacking groups involved in one of the latest cyber security threats. According to the group, the threat actors are now deploying the Predator spyware. Analytical reports show that the spyware was built with five zero-day vulnerabilities by Cytrox, a commercial surveillance firm.
Using the capabilities of the Cytrox software, the hackers successfully launched cyber security breaches by exploiting the zero-day weaknesses affecting Chrome and the Android OS. The threat actors were able to install the Predator spyware on fully up-to-date Android devices. Cyber researchers have tracked these newest attacks, which were part of three other cyber attack campaigns that began in the latter part of the year, around August and October 2021.
The team of cyber analysts states that the criminal hackers use Cytrox, which helped them launch massive attacks against their victims. According to TAG, most of the hackers were located in countries such as Egypt, Armenia, Greece, Madagascar, and Côte d’Ivoire. Additionally, Google’s research analysts show that the top three countries were Serbia, Spain, and Indonesia, which used the vulnerabilities to implant malicious spyware on Android targets.
Hackers Target Zero-day Vulnerabilities
The discovery by the Google team is consistent with Citizen Lab’s article detailing the Cytrox mercenary spyware. In that report, released in December 2021, researchers detected the harmful cyber crime tool on the phone of exiled Egyptian politician Ayman Nour. According to Citizen Lab’s investigation, Nour’s phone was infected with the NSO Group’s Pegasus malware.
TAG reported that, in the hacking campaigns it tracked, the hackers sent targeted Android users spyware-infected URLs from URL shortener services. The cyber researchers noted that the malicious spyware landed in the inboxes of tens of thousands of unsuspecting victims.
The Google TAG experts also noted that once the victim clicks on the malicious link, they are forwarded to the hackers’ website. On this infected webpage, the victim is exploited and then diverted to another malicious domain controlled by the dark web hackers.
Predator Android Spyware
This assault method has shown that the criminals were state-sponsored hackers who were employed to hack into the devices of journalists and other high-profile targets, who had previously been warned about being targeted by government-sponsored hacking groups.
Most of the attacks show that the threat actors employed the Android Alien banking trojan, which is loaded with dangerous RAT (remote access trojan) features. This Predator Android spyware can capture audio, add its own CA certificates, and even conceal itself from detection.
TAG’s team of researchers stated that, as of July 2021, four additional zero-day vulnerabilities had been exploited by hackers and used to target users of Google’s Chrome, Internet Explorer, and WebKit, the engine of the Safari web browser.