Predator: Looking under the hood of Intellexa’s Android spyware


Security researchers at Cisco Talos and the Citizen Lab have presented a new technical analysis of the commercial Android spyware 'Predator' and its loader 'Alien,' detailing its data-theft capabilities and other operational details.


Predator is a commercial spyware for mobile platforms (iOS and Android) developed and sold by Israeli company Intellexa.


The spyware family has been linked to surveillance operations targeting journalists, high-profile European politicians, and even Meta executives.


The spyware can record phone calls, collect information from messaging apps, or even hide applications and prevent their execution on infected Android devices.


The Alien loader


In May 2022, Google TAG revealed five Android zero-day vulnerabilities that the Predator spyware chained together to achieve shellcode execution and drop Predator's loader 'Alien' on a targeted device.


The Alien loader is injected into a core Android process named 'zygote64' and then downloads and activates additional spyware components based on a hard-coded configuration.
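Because Alien lives inside zygote64 rather than as its own app, one defensive check is to look at which executable code that process has mapped. The following heuristic is an added example (not Talos or Citizen Lab tooling, and the page names no Alien module files): it parses a constructed /proc/<pid>/maps excerpt and flags executable mappings that are anonymous or backed by files outside the read-only Android partitions a stock zygote64 would normally load from.

```python
"""Heuristic check for unexpected executable mappings in a zygote64-style
process. Example code; sample data is constructed and the partition list
is an assumption, not taken from the Talos/Citizen Lab report."""
import re

# Partitions from which a stock zygote64 is expected to map its code.
TRUSTED_PREFIXES = ("/system/", "/system_ext/", "/apex/", "/vendor/",
                    "/product/", "/odm/")

# Constructed /proc/<pid>/maps excerpt; the last line models a library
# injected from a writable data directory, the fourth an anonymous r-x region.
SAMPLE_MAPS = """\
7f1a000000-7f1a3c5000 r-xp 00000000 fd:00 1234 /apex/com.android.runtime/lib64/bionic/libc.so
7f1b000000-7f1b020000 r--p 00000000 fd:00 5678 /system/lib64/libutils.so
7f1c000000-7f1c010000 rw-p 00000000 00:00 0    [anon:libc_malloc]
7f1d000000-7f1d004000 r-xp 00000000 00:00 0
7f1e000000-7f1e050000 r-xp 00000000 fd:01 9999 /data/local/tmp/payload.so
"""

# start-end perms offset dev inode [path]
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"\S+\s+\S+\s+\d+\s*(?P<path>.*)$"
)


def parse_maps(text):
    """Yield (perms, path) for every well-formed maps line; path may be ''."""
    for line in text.splitlines():
        m = MAPS_RE.match(line.strip())
        if m:
            yield m.group("perms"), m.group("path").strip()


def suspicious_exec_mappings(text):
    """Return executable mappings not backed by a trusted partition.

    Anonymous executable regions are reported as '<anonymous>'. On a real
    device ART/JIT code caches will also show up here, so treat the output
    as a triage list to be allow-listed, not as a verdict."""
    findings = []
    for perms, path in parse_maps(text):
        if "x" not in perms or path.startswith(TRUSTED_PREFIXES):
            continue
        findings.append(path or "<anonymous>")
    return findings


if __name__ == "__main__":
    for hit in suspicious_exec_mappings(SAMPLE_MAPS):
        print("suspicious executable mapping:", hit)
```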


Alien fetches the Predator component from an external address and launches it on the device or upgrades the existing payload with a newer version if available.



Hardcoded Predator-download URL in Alien (Cisco)

After that, Alien continues to operate on the device, facilitating discreet communications between the spyware's components by hiding them within legitimate syste ..
