Forget Pegasus… Meet Predator Which Is The New Weapons Grade Spyware For iPhones That Is Making The Rounds

The NSO Group who makes the Pegasus spyware that targets iPhones is getting all the attention these days. And rightly so. It’s highly dangerous and should be made extinct as quickly as possible. But there’s a second piece of weapons grade spyware that’s out there that you need to worry about. University of Toronto’s Citizen Lab has released a lengthy report on ‘Predator’ after finding it on an iPhones running iOS 14.6 that had also been infected with NSO Group’s Pegasus.

Here’s what you need to know:

  • Predator is made by a group called Cytrox based in North Macedonia.
  • Predator and Pegasus have similar feature sets.
  • Predator is delivered to the target’s iPhone via a malicious link sent over something like WhatsApp. When the target opens the link, Predator is able to gain access to the phone’s cameras and microphone, as well as pull data off the phone.
  • Unlike Pegasus, Predator cannot silently infect a phone without user interaction. In other words, the spyware relies on user input, like clicking a malicious link, to activate.
  • Predator can survive reboots. Pegasus can’t.
  • Predator was likely being used by government customers in Armenia, Greece, Serbia, Indonesia, Madagascar, Oman, Egypt and Saudia Arabia. Meta has also crossed paths with Cytrox and their investigation also found Predator customers in Vietnam, the Philippines and Germany. It should also be noted that Meta has banned Cytrox from its platforms and said it removed over 1,500 Facebook and Instagram accounts associated with numerous groups including Cytrox.

Citizen Lab has served this info up to Apple, and the company is apparently investigating. And it isn’t clear if this has already been patched or not. So until we get clarity on that, the usual advice applies. Which is don’t ever click on links that are sent to you.

Leave a Reply

%d bloggers like this: