This dangerous Android malware spies on your every move – what to do
As part of its ongoing efforts to Android smartphones more secure, Google’s Threat Analysis Group (TAG) often spends its time looking for zero-day vulnerabilities that can be exploited by cybercriminals and other threat actors. These vulnerabilities pose a serious risk to users as they have been disclosed but have not yet been patched.
in a new blog postTAG highlights three separate campaigns that took place between August and October 2021, in which state-backed attackers used five different zero-day vulnerabilities to install Predator spyware on fully updated Android devices.
Unlike traditional malware, spyware like Predator and Pegasus is used against high-value targets such as journalists and politicians. For example, in the campaigns discussed by Google, the number of targets was in the tens of users as opposed to the thousands or millions as was the case with emoticon and want to cry before that.
Nonetheless, spyware is something everyone should be aware of and take steps to avoid falling victim to, as an attacker can track your online activities on the web and create a profile about you.
What is Predator Spyware?
According to Google, Predator is relatively new spyware believed to have been created by commercial surveillance company Cytrox, based in Skopje, North Macedonia. It was sold to government-backed threat actors in Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain and Indonesia, who used it to covertly spy on high-value targets such as political rivals, journalists and other outspoken critics of their respective governments.
The three campaigns described in Google’s report used unique links that mimicked URL Shortener services that were sent to targeted Android users via email. If a user clicked on one of these links, they were redirected to a domain owned by an attacker that delivered the zero-day exploits in question before redirecting their browser to a legitimate website.
The targeted Android devices were first infected with an Android malware known as Alien who is responsible for loading the Predator spyware. Alien receives commands from Predator that allow the spyware to record audio, add CA certificates, and hide apps on a user’s device.
Why attackers often use zero-day vulnerabilities
Cybercriminals and other threat actors prefer to exploit zero-day vulnerabilities in their attacks because they have a larger attack surface. Once a patch for a vulnerability has been released, they can only target those who have not updated their systems or software. However, with zero-day vulnerabilities, a patch has yet to be written and distributed, so there is a much higher chance that their attacks will succeed.
Even if you keep all your software up to date, you could still fall victim to a zero-day attack, which is why Google’s Threat Analysis Group and others like it are constantly on the lookout for new vulnerabilities. zero-day that have yet to be exploited in the wild. The reason behind this is that they can hopefully alert the vendors before these vulnerabilities are discovered by cyber criminals and create a patch to fix them.
How to protect yourself from spyware
Once spyware has found a new home on your device, it can be difficult to remove, as the goal of this type of malware is to stay undetected. As such, you better take preventive measures as soon as possible.
First, you need to install antivirus software on your computer or mobile antivirus on your smartphone. It should be noted that Microsoft Defender comes pre-installed on all Windows PCs, as it does with Google Play Protect on Android smartphones. Although a paid antivirus gives you more features, both of these products effectively protect your devices against malware and other cyber threats.
To avoid being infected with spyware, Kaspersky recommends being careful about consenting to cookies on the sites you visit, installing an anti-tracking browser extension, and keeping all your installed software up to date with the latest patches. At the same time, it should be remembered that free software always has a cost and can often access your data.
Fortunately, spyware is generally only used against high-profile targets and not ordinary users. However, if you believe you are at risk of being targeted by state-sponsored malicious actors, you can still enroll in the Google program. Advanced Protection Program for free although you may need to buy more than one security keys to better protect your online accounts.