Predator, the commercial Android malware developed by a company called Intellexa, might be worse than previously thought, as new research argues the tool has a lot of previously unknown functionalities.
Cybersecurity researchers from Cisco Talos recently published a thorough analysis of Predator and its loader Alien. As per the analysis, it was concluded that Alien is more than just a loader for Android and that by working in unison with Predator, allows for all kinds of intelligence gathering.
“When used together, these components provide a variety of information stealing, surveillance and remote-access capabilities,” the researchers said.
The malware allows its users to record audio from phone calls and VoIP apps, and steal data from chat apps such as WhatsApp or Telegram. Although not confirmed, the researchers believe the malware also allows for geolocation tracking, access to camera apps, and tricking the user into thinking the device is powered off (for easier use during the “off” time).
To make matters worse, even after such a thorough analysis, the researchers are still not sure they got to the bottom of it: “This capability list should not be considered exhaustive,” the researchers concluded.
The malware was developed in 2019, The Register reports, and is part of a larger software suite developed by Intellexa (previously known as Cytrox). The apps are available for both Android and iOS, it was said.
In practice, Predator/Alien is similar to Pegasus, also commercial spyware developed by the Israeli NSO Group. Pegasus has since been banned and NSO Group blacklisted in the United States, after reports came out that the software was being used by oppressive regimes around the world to target journalists, human rights activists, dissidents, and other individuals who might threaten the ruling party in various governments around the world.
The malware works by abusing zero-day vulnerabilities and other flaws.
Via: The Register