As part of an ongoing effort to make Android smartphones more secure, Google's Threat Analysis Group (TAG) often spends time looking for zero-day vulnerabilities that could be exploited by cybercriminals and other threat actors. These vulnerabilities pose a serious risk to users as they have been disclosed but not yet patched.
In a new blog post, TAG highlights three separate campaigns that took place between August and October 2021. In these campaigns, state-backed attackers installed Predator spyware on fully updated Android devices using five different zero-day vulnerabilities.
Unlike traditional malware, spyware such as Predator and Pegasus is used against high-value targets such as journalists and politicians. For example, in the campaigns Google discussed, the number of targets was dozens of users, not thousands or millions as was the case with Emotet and, before that, WannaCry.
Still, given that attackers can track and profile online activity across the web, everyone should be aware of spyware and take steps to prevent harm.
What is Predator Spyware?
According to Google, Predator is a relatively new spyware, believed to have been created by Cytrox, a commercial surveillance company based in Skopje, North Macedonia. It has been sold to government-sponsored threat actors in Egypt, Armenia, Greece, Madagascar, Côte d'Ivoire, Serbia, Spain and Indonesia, who use it to secretly spy on valuable targets such as political rivals, journalists and other outspoken critics of each government.
All three campaigns listed in Google's report used one-off links that mimic popular URL shortening services, emailed to the targeted Android users. When a user clicked on one of these links, they were redirected to a domain owned by the attacker, which delivered the zero-day exploits in question before redirecting the browser to a legitimate website.
Targeted Android devices were first infected with Android malware known as Alien, which is responsible for loading the Predator spyware. Alien receives commands from Predator that allow the spyware to record audio, add CA certificates, and hide apps on the user's device.
Why attackers often exploit zero-day vulnerabilities
Cybercriminals and other threat actors prefer to exploit zero-day vulnerabilities in their attacks because of the wide attack surface they offer. Once a patch for a vulnerability is released, attackers can only target users who have not updated their system or software. With a zero-day vulnerability, however, no patch has yet been created and distributed, so the attack is much more likely to succeed.
Even if you keep all of your software up to date, you can still become the victim of a zero-day attack. As a result, Google's Threat Analysis Group and other groups are constantly looking for new zero-day vulnerabilities that have not yet been abused in the wild. The reasoning behind this is the hope that vendors can be alerted to these vulnerabilities before cybercriminals discover them, so that patches can be created to fix them.
How to protect yourself from spyware
This type of malware is designed to remain undetected, so once spyware finds a new home on a device, it can be difficult to remove. It is therefore better to take precautions sooner rather than later.
First, you need to install antivirus software on your computer or mobile antivirus software on your smartphone. It's worth noting that Microsoft Defender is pre-installed on all Windows PCs, as is the case with Google Play Protect on Android smartphones. Paid antivirus software offers more features, but both of these products help protect your device from malware and other cyber threats.
To prevent infection with spyware, Kaspersky recommends that you be careful about the cookies you accept on the sites you visit, install anti-tracking browser extensions, and keep all installed software updated with the latest patches. At the same time, it's worth remembering that free software always comes at a cost, and that cost can be access to your data.
Thankfully, spyware is typically used only against high-profile targets, not everyday users. However, if you think you are at risk of being targeted by a state-sponsored threat actor, you can always enroll in Google's Advanced Protection Program. It's free, though you may need to buy some security keys to further protect your online accounts.