In a recent analysis, researchers from Cisco Talos unveiled new insights into the commercial spyware known as “Predator.” The malicious mobile program has undergone functional changes, making it even more perilous.

Predator, capable of targeting both Android and iOS devices, is labeled as a “remote mobile data extraction system.” It operates on a licensing model with costs reaching millions of dollars, depending on the initial access exploit and the potential number of simultaneous infections.

While novice cybercriminals may find the licensing cost prohibitive, APT groups with financial resources use Predator to enhance the destructiveness of their attacks.

The latest report from Talos highlights that the Android version of Predator recently gained the ability to persist after a device reboot, a functionality already present in the iOS version, albeit as a separate paid feature.

Predator is associated with the Intellexa Alliance consortium, comprising Cytrox (later acquired by WiSpear), Nexa Technologies, and Senpai Technologies. Both Cytrox and Intellexa faced U.S. sanctions in July 2023 for their involvement in Predator’s creation.

Talos researchers delved into the intricacies of Predator and its interaction with another crucial component called “Alien.” The successful operation of Predator relies on Alien, which manages additional components downloaded by the on-demand program.

Intellexa Alliance’s distinctive business model has clients configure the attack infrastructure themselves, which reduces their interaction with the consortium and gives the malware’s developers plausible deniability regarding involvement in actual attacks.

Despite public disclosure and sanctions, the affected companies, including the Intellexa Alliance, continue to operate, providing services to government organizations and private hacker associations globally. This case highlights the challenges in halting entities engaged in commercial espionage, similar to the persistent activities of the well-known NSO Group and its Pegasus spyware.

The ability of these companies to navigate legal loopholes and advance their surveillance tools, as illustrated by Predator’s enhanced features, underscores the necessity for concerted international efforts to impose strict controls and curb the activities of such entities effectively.
