Android smartphones are targeted by dangerous spyware that listens to your conversations
A malicious private surveillance firm sold access to nearly half a dozen major security holes in Chrome and Android last year to government-affiliated hackers, Google has revealed.
According to Google’s Threat Analysis Group (TAG), at least eight governments around the world have bought a set of 5 Android zero-day flaws from a company called Cytrox and used them to install spyware on their targets’ cell phones. According to a recent Google report, this development highlights the sophistication of the surveillance offerings available on the market.
These flaws are likely to be among the 58 zero-day flaws that Google identified in 2021. However, as Maddie Stone points out in a recent update to Google’s Project Zero, “the sharp increase in 0-day flaws in the wild in 2021 is due to increased detection and disclosure of these 0-day flaws, rather than just an increase in their use”.
How did Cytrox install spyware on victims’ phones?
Although we don’t know much about the Cytrox company, researchers have revealed that its headquarters are in Skopje, North Macedonia, and that the spyware used by the company is capable of recording audio data, adding CA certificates and hiding applications.
According to Google, victims were emailed links to a fake website that installed spyware called Predator, a program similar to NSO Group’s Pegasus, capable of activating the microphone and performing other unwanted surveillance acts. Besides listening to conversations, the Cytrox malware can also hijack call logs and text messages, while monitoring notifications to evade detection.
Cytrox reportedly packaged these flaws to access Android smartphones and sold them to various government-backed actors in Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain and Indonesia, who in turn used the bugs in at least three different campaigns between August and October 2021.
In December 2021, Meta disclosed that it had taken steps to remove approximately 300 Facebook and Instagram accounts that Cytrox used in its compromise campaigns.