A malicious private surveillance firm sold access to nearly half a dozen major security holes in Chrome and Android last year to government-affiliated hackers, Google has revealed. According to Google’s Threat Analysis Group (TAG), at least eight governments around the world have purchased a set of 5 zero-day Android flaws from a company called Cytrox and are using them to install spyware on the cell phones of their targets. According to a recent report by Google, this development highlights the sophistication of the surveillance offerings available on the market.
These flaws are therefore probably among the 58 zero-day flaws that Google identified in 2021, and this dangerous Android spyware is one of them. However, as Maddie Stone points out in a recent update from Google’s Project Zero, “the sharp increase in 0-day flaws in the wild in 2021 is due to increased detection and disclosure of these 0-day flaws, rather than a simple increase in their use”.
Although not much is known about the Cytrox company, researchers have revealed that its headquarters are in Skopje, North Macedonia, and that the spyware the company uses is capable of recording audio, adding CA certificates and hiding applications.
Android smartphones are targeted by dangerous spyware that listens to your conversations
According to Google, the victims were emailed links to a fake website that installed spyware called Predator, a program similar to NSO Group’s Pegasus that is capable of activating the microphone and performing other unwanted monitoring. Besides listening to conversations, the Cytrox malware can also hijack call logs and text messages, and it monitors notifications to evade detection.
Cytrox reportedly packaged exploits for these flaws to gain access to Android smartphones and sold them to various government-backed actors in Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain and Indonesia, who in turn used the bugs in at least three different campaigns between August and October 2021.
In December 2021, Meta disclosed that it had taken steps to remove approximately 300 Facebook and Instagram accounts that Cytrox used in its compromise campaigns.
In its report, Google’s TAG wrote: “We’d be remiss if we did not acknowledge the quick response and patching of these vulnerabilities by Google’s Chrome and Android teams. We would also like to thank Project Zero for their technical assistance in helping analyze these bugs. TAG continues to track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors. We remain committed to updating the community as we uncover these campaigns.
Tackling the harmful practices of the commercial surveillance industry will require a robust, comprehensive approach that includes cooperation among threat intelligence teams, network defenders, academic researchers and technology platforms. We look forward to continuing our work in this space and advancing the safety and security of our users around the world.”