Google has revealed that a commercial spyware company sold five critical security vulnerabilities in Chrome and Android to government-affiliated hackers. These vulnerabilities were used to spread spyware called Predator.
The company is Cytrox, reportedly headquartered in North Macedonia. It allegedly sold access to four zero-day vulnerabilities in Chrome and one vulnerability in the Android operating system.
Its clients are mostly government-backed hackers, who used the vulnerabilities to target victims with the Predator spyware, which is also developed by Cytrox. Buyers of Cytrox's spyware and services included government-backed actors in Greece, Serbia, Egypt, Armenia, Spain, Indonesia, Madagascar and Ivory Coast.
"We assess with high confidence that this exploit was packaged by one commercial spy company, Cytrox, and sold to various state-backed actors who used it in at least three of the campaigns discussed below," the Google Threat Analysis Group said in a statement, as quoted by Gizmodo on Friday (27/5/2022).
In this attack, the hackers first install the Alien banking trojan. Using its remote access function, they then load the Predator spyware remotely. The spyware can be used to record audio, add CA certificates, and hide applications.
Cytrox is also said to give its clients access to several 'n-day' vulnerabilities: flaws for which a fix has already been released but which remain exploitable when the targeted user has not updated the affected application or operating system.
The TAG team also identified a worrying new trend. They noted that most of the zero-day vulnerabilities they discovered last year were deliberately developed by commercial spyware companies like Cytrox.
"Seven of the nine 0-days found by TAG in 2021 fall into this category: developed by commercial providers and sold and used by government-backed actors," said a Google security researcher.
"TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure who sell exploits or spying capabilities to government-backed actors."
This finding is in line with CitizenLab's report on Cytrox's spyware, published in December 2021. CitizenLab researchers found that the spyware had infected the phone of Egyptian politician Ayman Nour.
Nour's phone had also been infiltrated by Pegasus, the spyware made by the NSO Group, and it turned out that the two spyware tools were operated by two different countries. Pegasus and the NSO Group have been the most well-known and controversial spyware and spyware company, respectively, of recent years.