Don’t you ever wonder how safe your smartphone really is? In a world where governments seem to be ramping up surveillance, there is a player that can turn your phone into a spy tool. Meet the Predator Spyware, a malware allegedly sold to governments worldwide, leaving no one safe.
What Exactly is Predator Spyware?
Predator Spyware is a monitoring software developed by Cytrox, a company established in 2017 in North Macedonia [1]. The company, then led by CEO Ivo Malinkovski, claims to provide “operational cyber solutions” to governments, including device and cloud data extraction.
Once Predator gains access to your phone, it leaves no data unturned.
From accessing messages and calls to capturing photos and passwords, it does it all. The software can even manipulate your phone into trusting malicious websites and apps, turning your device into a surveillance weapon.
The Origins and Reach of Cytrox
Cytrox was originally a startup, but in 2019, it was acquired by Tal Dilian [2], a former commander of the Israel Defense Forces, for under $5 million. The company is a part of Intellexa, an alliance labeled by the University of Toronto’s Citizen Lab as “a marketing label for a range of mercenary surveillance vendors.”

Cytrox’s operations are not confined to North Macedonia; according to the information that has been published online, it also has a presence in Israel, Greece and Hungary.
How Predator Spyware Infects Devices
The main avenue for Predator’s infiltration is through exploiting zero-day vulnerabilities. These are software flaws that even the developers aren’t aware of. A victim receives a seemingly innocent link via email or text, which downloads the malware once clicked.
Why Zero-Day Attacks are a Big Deal
Zero-day vulnerabilities are the holy grail for cybercriminals. They allow attackers to compromise your security even if you’ve updated all your software. These vulnerabilities are the reason why Predator is extremely effective and dangerous.
Incidents and Repercussions
In December 2021, Predator was used to hack Egyptian opposition politician Ayman Nour and an unnamed exiled journalist. This forced Apple to release a software update to close the zero-day exploits. This year, the U.S. Department of Commerce added Cytrox to its Entity List, citing national security risks. In 2022, Al Jazeera reported [3] how the Greek government uses spyware like the Predator spyware to monitor journalists.
In an act of corporate responsibility, Meta Platforms banned Cytrox and six other surveillance groups [4], removing over 1,500 Facebook and Instagram accounts linked to them.
How to Stay Protected?
Detecting high-level spyware like Predator is almost impossible for an average person. If you’re suspicious, consulting cybersecurity experts is your best option.
For other potential threats, keep an eye on:
- Slowed device performance
- Unexpected pop-up ads
- Unfamiliar apps or features
- Issues accessing secure sites
- Spikes in data usage
Interesting findings
While I was writing this post, I also noticed that the official website Cytrox.com leads to a traffic distribution system that leads you to unwanted ads and fake news.

When you try to visit Cytox.com (where the R is missing), you will land on a parked domain landing page.

I continued to see if the Intellexa website is still online, and at the moment of writing, it seems to have been taken offline.

However, when we browse to the LinkedIn page of this company, it still seems to be online.

Protective Measures for Lesser Threats
While Predator is more likely to target high-profile individuals, we shouldn’t ignore the lesser threats. Here are some tips:
- Use comprehensive cybersecurity tools.
- Keep your software updated.
- Be cautious with links and downloads from unknown sources.
References