New Predator spyware lets government hackers break into Chrome and Android


Your Android phone, as well as the Chrome browser, may be vulnerable to state-sponsored hacking, thanks to new spyware called Predator. And this information comes straight from the horse’s mouth. Google has revealed that a private surveillance company, whose credibility is apparently questionable, sold government-affiliated hackers access to around half a dozen security flaws that might render both Android and Chrome vulnerable.
In a blog post, Google said Cytrox, a secretive firm based in North Macedonia, sold access to four zero-day security flaws in the Google Chrome browser and one in Android to government-linked hackers. These hackers, described as “threat actors” and based in multiple countries, used different exploits to carry out hacking with the help of Cytrox’s Predator spyware.

“We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns discussed below,” Google said. Citing findings by researchers at Citizen Lab, Google said the government-sponsored hackers who purchased the exploits are operating in Egypt, Armenia, Greece, Madagascar, Côte d’Ivoire, Serbia, Spain and Indonesia.

What Cytrox has done is considered very advanced and sophisticated in the world of hacking. Selling access to security flaws that require its own spyware for the exploit is next-level cyber business. According to Google, the zero-day exploits were used alongside n-day exploits, as the developers of the spyware leveraged the time difference between when critical bugs were patched but not marked as security issues and when these patches were completely rolled out across the Android ecosystem.

In other words, the surveillance company gave access to security flaws with spyware privileges during a time when users had not completely updated their devices. Google had rolled out patches but users took time to update their devices. “Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits,” Google said.

Google said its Android and Chrome teams were quick to respond to these findings and patch the vulnerabilities. Cytrox comes across as a company similar to NSO Group, which develops Pegasus, perhaps the most lethal cyber weapon, and sells it to different governments for snooping on targeted devices.
