According to Google's Threat Analysis Group(TAG), spyware named Predator has been targeting Android devices.

The University of Toronto along with Citizen lab had earlier published a report saying Egyptian exiled politician Ayman Nour's phone was infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware which was operated by "two different government clients."

What is the Predator spyware?

According to Google, the spyware has reportedly been developed by a company named Cytrox. The University of Toronto had described Cytrox as a North Macedonian startup.

The report noted that "Cytrox appears to have a corporate presence in Israel and Hungary."

"Cytrox’s Israeli companies were founded in 2017 as Cytrox EMEA Ltd," the researchers at Toronto said. The researchers revealed Cytrox is part of “Intellexa alliance” which is apparently a marketing label for mercenary surveillance vendors.

TAG said it has been tracking 30 surveillance vendors. "We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns," Google said in its blog.

Where have the strikes been confirmed?

Google's TAG team in a blog said: "Consistent with findings from CitizenLab, we assess likely government-backed actors purchasing these exploits are operating (at least) in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia."

The blog informed that the hacking took the form of one-time links mimicking URL shortener services to the targeted Android users via email.

"We assess that these campaigns delivered ALIEN, a simple Android malware in charge of loading Predator, an Android implant described by CitizenLab in December 2021."

Google said tracking the commercial surveillance industry would require a "robust" approach which can be done through intelligence teams, network defenders, academic researchers and technology platforms.

