Newly revealed Android spyware alarms users.
Recently, researchers from Google's Threat Analysis Group (TAG) discovered a new type of Android spyware called Predator, which exploits vulnerabilities to steal data.
Predator is developed by the Israeli company Intellexa (formerly Cytrox). It is designed to bypass security barriers on Android and exploits five different zero-day vulnerabilities, while blocking some applications from executing when the phone is restarted.
In addition, this spyware is distributed through a downloader called Alien, which can record call audio and collect contacts and messages from Signal, WhatsApp, and Telegram.
"Predator is an interesting spyware, dating back to at least 2019, designed to distribute new Python-based modules without multiple exploits, thus making it particularly flexible, active and dangerous," explains Cisco Talos.
Alien is not just a loader but also an executor. Alien's multiple threads continue to read commands from Predator and execute them, giving the spyware the means to bypass some of Android's security features.
The various Python modules associated with Predator make it possible to accomplish many tasks, such as information theft, monitoring, remote access, and arbitrary code execution.
This finding shows that the use of commercial spyware and "mercenary" companies has increased significantly in recent years.
While these sophisticated tools are reserved for governments to fight cybercrime, they are also misused to monitor dissidents, human rights activists, journalists, and others.
For example, digital rights group Access Now discovered evidence of Pegasus targeting dozens of people in Armenia, including an NGO worker, two journalists, a United Nations official, and a human rights inspector. One of the victims was hacked at least 27 times between October 2020 and July 2021.