
What Everyone Ought To Know About Alien And Predator Spyware

ALIEN and PREDATOR Spyware Threat

A major threat has been identified by Google’s Threat Analysis Group (TAG). It is a simple yet potentially devastating attack against Android devices. It comes in two parts. First is spyware, known as ALIEN, which loads malware known as PREDATOR. This tag-team threat is distributed primarily by email but could also be deployed using text messages, chat apps, or even social media direct messaging. According to the Google team:

“All three [spyware] campaigns delivered one-time links mimicking URL shortener services to the targeted Android users via email. The campaigns were limited — in each case, we assess the number of targets was in the tens of users. Once clicked, the link redirected the target to an attacker-owned domain that delivered the exploits before redirecting the browser to a legitimate website.”  (malware.net)

The final URL destination is a legitimate site, which minimizes the victim’s suspicions. However, the ALIEN spyware can live inside numerous privileged processes. Once on the victim’s device, it will deploy PREDATOR. Using inter-process communication (IPC), the spyware can receive further commands that can harm the victim and put their safety at risk. For example, this particular spyware can record audio, add CA certificates, and hide apps. The spyware may also have other capabilities not yet known to researchers.
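The redirect pattern in the quote (a link imitating a URL shortener, an unfamiliar intermediate domain, then a legitimate site) can be checked in recorded redirect chains. The sketch below is an added example, not code from Google TAG or from this page's author; the trusted-site list, the sample chains and all `.example` hostnames are constructed assumptions.

```python
from urllib.parse import urlsplit

# Genuine shortener hosts mapped to the brand string an imitation would reuse.
SHORTENER_BRANDS = {"bit.ly": "bitly", "tinyurl.com": "tinyurl"}
# Assumption: landing sites this organisation already treats as legitimate.
TRUSTED_SITES = {"news.example.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character brand variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def mimics_shortener(host):
    """True when a host resembles a shortener brand but is not the real service."""
    if host in SHORTENER_BRANDS:
        return False
    # Join every label except the TLD and drop hyphens: "bit-ly.example" -> "bitly".
    name = "".join(host.split(".")[:-1]).replace("-", "")
    return any(edit_distance(name, b) <= 1 for b in SHORTENER_BRANDS.values())


def flag_chain(urls):
    """Return the reasons one redirect chain matches the reported delivery shape."""
    hosts = [urlsplit(u).hostname or "" for u in urls]
    reasons = []
    if hosts and mimics_shortener(hosts[0]):
        reasons.append("first hop imitates a URL shortener: " + hosts[0])
    middle = [h for h in hosts[1:-1]
              if h not in TRUSTED_SITES and h not in SHORTENER_BRANDS]
    if middle and hosts[-1] in TRUSTED_SITES:
        reasons.append("untrusted hop before a legitimate site: " + ", ".join(middle))
    return reasons


# Constructed redirect chains, as a proxy or mail gateway might record them.
SUSPECT = ["https://bit-ly.example/a1B2",
           "https://cdn-delivery.example/landing",
           "https://news.example.com/story"]
BENIGN = ["https://bit.ly/constructed-sample", "https://news.example.com/story"]

if __name__ == "__main__":
    for chain in (SUSPECT, BENIGN):
        print(chain[0], "->", flag_chain(chain) or "no findings")
```

A match is a reason to look at the message and the device more closely, not proof of compromise; advertising and tracking redirects can produce the same shape.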

ALIEN and PREDATOR spyware was allegedly developed by a company called Cytrox. Cytrox is headquartered in Skopje, North Macedonia. Like the NSO Group we covered in September 2021, Cytrox is widely believed to be part of the commercial spyware vendor community that sells surveillance-as-a-service products and other hacking tools to government agencies globally.

Who Is Being Targeted?

According to the TAG team, this specific spyware technique has been previously used against journalists. However, they aren’t sure who the current targets are, although they do know that ALIEN and PREDATOR have been used by government-backed actors in the following countries: Madagascar, Egypt, Spain, Greece, Serbia, Armenia, Indonesia, and The Ivory Coast. 

The Threat of “Legitimate” Spyware Companies

These new attacks have brought so-called “legitimate” spyware companies back to the forefront of people’s minds. These entities (like Cytrox and the NSO group) build powerful malware that they then sell to government agencies across the globe. The companies claim their tools can help law enforcement fight terrorism and national security threats.

History shows us that these powerful tools probably aren’t only being used in the capacity claimed. Instead, the malware has been used to target people like journalists, whistle-blowers, and political activists. Reports also show they’ve been used against political opponents and close family members of high-ranking government officials. 

Human rights and privacy activists have repeatedly called for these “legitimate” threats to be outlawed. These calls have been answered in some countries with stricter privacy laws or regulations. For example, the NSO Group and its products have been banned from purchase or use in the U.S.

Keeping Yourself Safe From Spyware Threats

Although it’s unlikely ALIEN and PREDATOR spyware will be used against the average person, this is far from the only active threat. According to Malwarebytes, around 80 percent of all computers will be infected with spyware at some point. Of these, almost 90 percent of victims won’t even know they’re infected.

While there’s never a guarantee you won’t fall victim to spyware or other forms of malware, there are several simple ways to keep yourself safe and reduce potential threats. 

The most important thing is to never click on links you aren’t sure about, whether they be sent via SMS, email, or a different medium. Only click links from verifiable sources that you know and trust.

Additionally, you should have some anti-virus security on your computer. These computer security programs can help detect potential threats, including letting you know when you’re being redirected or a website isn’t secure.  

Northstarr Recommends:

We use the internet for many things. It entertains, informs, teaches, and allows us to conduct business around the world. It’s important to remember that the internet is not an inherently friendly place. Just like people and places in the real world can be dangerous, so can the internet. The particular threat discussed here can be prevented by being conscientious about applying updates when they become available. Good internet hygiene is about forming good habits to keep yourself safe. These tips will help:

  • Anti-virus is a must on any device you use to access the internet. Make sure you keep it up to date. Set it to scan your device every night.
  • Never click on a link in a text message or email unless you know the sender.
  • Apply patches, updates, and upgrades to the apps you use.
  • If an app is on your device, it’s vulnerable. If you have apps that you don’t use, remove them.
  • Plan on spending a few minutes per device every month getting rid of the unused apps, applying updates, and generally organizing your device.
  • Back up your data to a cloud backup service.
  • Be cautious about what data you store on your device.
  • Don’t forget to apply patches and updates to your device’s operating system as well.

We can help. To find out more about what we do, visit our website or give us a call at (888) 767-2210 to set up an appointment.  We look forward to meeting with you!