Brother
Professional
The evolution of mobile malware demonstrates particular difficulties in combating commercial cyber espionage.
Yesterday, Cisco Talos published another analysis of the commercial Predator spyware. Experts have identified a number of changes in the functionality of the malicious mobile program, which made it even more dangerous.
Predator, which can attack both Android and iOS devices, has been described by experts as a "remote mobile data extraction system" that is sold under a licensing model costing literally millions of dollars. The exact cost of purchasing a license depends on the exploit used for initial access, as well as the number of simultaneous possible infections.
Novice cybercriminals can't afford this luxury, but advanced APT groups that have a certain amount of money in their stash really pay for access to Predator to make their attacks even more destructive.
In the latest Talos report, researchers noted that the Android version of Predator relatively recently received the ability to save its activity after rebooting the device, while the iOS version immediately had this functionality. However, this functionality is also paid separately.
Predator is a product of a consortium called the Intellexa Alliance, which includes Cytrox (later acquired by WiSpear), Nexa Technologies, and Senpai Technologies. Both Cytrox and Intellexa were added to the US blacklist of legal entities in July 2023 — just for their involvement in the creation of Predator spyware.
In a previous report, Talos researchers detailed the inner workings of Predator and its harmonious combination with another bootloader component called "Alien".
"Alien is crucial for the successful functioning of Predator, including additional components that can be loaded by the program on demand," the experts explained.
Another key aspect of the Intellexa Alliance business model is that it shifts the work of configuring the attack infrastructure to the clients themselves, minimizing interaction with them, and leaving the possibility of plausible denial of involvement of malware developers in real hacker attacks.
Cisco Talos noted that although the public disclosure of the Intellexa Alliance did occur, this fact had little impact on the operational activities of the companies involved. They still operate and provide their services to both government organizations from different countries and private hacker associations.
This case demonstrates how difficult it is to stop companies engaged in commercial espionage activities. Another vivid example of such a company is the famous NSO Group with its Pegasus spyware.
Even if such companies are publicly exposed and placed on sanctions lists, they still find loopholes in the law and continue to develop and distribute dangerous surveillance and espionage tools. And with the introduction of new functions such as the described saving of work after a reboot, their malicious software becomes many times more dangerous.
Only the combined efforts of the international community to impose strict control in this area and curb the activities of such structures can effectively combat such threats.