Spyware is endless. After Pegasus, Cytrox’s Predator software has emerged.
When we think of illegal and infamous ways to spy on people’s phones, the Pegasus spyware of the Israel-based NSO Group comes to mind first. But there’s a new player in town named Cytrox.
A joint investigation by Canada-based Citizen Lab and Meta found that this relatively little-known company made illegal surveillance possible. The investigation therefore examined the company’s origins and software.
What is Cytrox?
Cytrox began as a North Macedonian venture, but documents reviewed by Citizen Lab show a presence in Israel and Hungary. In an official statement, the company says it provides governments with an operational cyber solution.
The company is allegedly part of Intellexa, an alliance that seeks to compete with the NSO Group. The company’s founder, Tal Dilian, is also known to have been involved in a number of operations that provide surveillance software.
Cytrox offers its own Pegasus competitor, Predator, which monitors the victim’s phone. The firm also offers some products to Sphinx, a cyber espionage campaign targeting people in Egypt and surrounding countries.
An investigation by a Canada-based research firm has revealed that two Egyptian citizens were targeted with Predator. They are Ayman Nour, leader of the country’s opposition party, and an unknown journalist on a popular news program.
The spyware is said to work on both Android and iOS. On the Apple side, the vulnerability is said to stem from an error found in iOS 14.6. Of course, it’s been a long time since this release came out, but Apple has yet to comment.
The attackers reportedly hacked those phones by sending seemingly innocuous links via WhatsApp. This means that with a single click, the information on your device falls into the hands of hackers.
Ayman Nour reportedly suspected he was the victim of a spyware attack when he noticed his phone was getting too hot. The investigation also revealed a one-of-a-kind situation: his phone had been hacked by both Predator and Pegasus.
The researchers found that iPhones were “distedc[.]com”. They used the Censys fingerprinting service to trace the origin of a server that points to Cytrox’s IP addresses. In addition, Citizen Lab’s research points to additional domains observed in the Predator spyware attack.
Memory is automatically cleared when you restart the device. But one of the most important aspects of this spyware is that it is said to survive even if you turn the phone off and on again. In addition, it was reported that the governments of Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia could be Cytrox’s clients.
What’s Meta doing?
Meta has released a new report on hacking-for-hire operations. The company said it removed 300 Cytrox-related accounts from Facebook and Instagram. It also noted that, in its research, Cytrox used a domain network to mimic legitimate news assets in countries of interest and to mimic legitimate URL shortening and social media services.
Amnesty International, an organization focused on human rights, said it was willing to help all activists who believed they were being targeted. It also released a library of indicators on GitHub that can help researchers find Predator spyware on phones.
Furthermore, this investigation came out in the same week as reports that the NSO Group had closed Pegasus. Although we know a lot about Pegasus, this shows that there are other spyware companies that work quietly.