1 min read

Predator Spyware Used Zero-Days to Infect Android Devices, Google Says

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Predator Spyware Used Zero-Days to Infect Android Devices, Google Says

State-backed actors have exploited five zero-day vulnerabilities to deploy Predator spyware on compromised devices, Google’s Threat Analysis Group (TAG) disclosed in a new security report.

In the attacks, part of three malicious campaigns launched between August and October 2021, the perpetrators leveraged zero-day exploits against Chrome and Android OS. They managed to install Predator spyware on fully updated devices, the report shows.

Security experts believe a commercial surveillance company supplied the exploits to various government-backed threat actors who used them in the attacks. According to Google TAG’s analysis, the perpetrators are from Armenia, Egypt, Madagascar, Greece, Serbia, Côte d'Ivoire, Spain and Indonesia.

“The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem,” according to Google TAG’s report.

The three campaigns used a total of five previously unknown zero-day Chrome and Android vulnerabilities:

In all three campaigns, attackers emailed their targets one-time links purporting to be URL shortener services. Accessing the infected link takes the victim to a malicious domain where the exploits are deployed on the compromised system. The victim is then redirected to a legitimate website.

If the attacker’s domain was not active, the victim would land directly on the legitimate website. The campaigns saw the perpetrators deploy an Android banking trojan (Alien) with RAT features, which was used to load the Predator implant. The latter would allow a series of critical permissions on the infected systems, such as hiding apps, recording audio, and adding CA certificates.




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like