If you think about it, our smartphones are pretty dangerous. They not only contain a lot of sensitive and private information, but they also have microphones and cameras which when abused, are the perfect spy tools. Of course, companies do try to ensure that their devices are not exploited in such a manner, but nothing is ever perfect.
In fact, in a recent security blog post by Google, the company is warning of a newly-discovered “Predator” spyware made by a company called Cytrox that is located in North Macedonia. Apparently it takes advantage of zero-day security flaws discovered within Chrome and Android that when exploited, lets the attacker record audio on your device. According to Google:
“The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched but not flagged as security issues and when these patches were fully deployed across the Android ecosystem.”
The way this exploit works is that the target would receive an email with a link mimicking a URL shortener service, and when the link is clicked, it would redirect users to a domain owned by the attacker which would then load an Android spyware called ALIEN. To cover their tracks and to avoid suspicion, users will ultimately be directed to a legitimate site.
Google claims that this type of spyware is used to target journalists and has apparently been used before. Thankfully, Google says that the number of targets this has affected was in the tens of users, so it wasn’t a particularly widespread issue, but it’s scary to think how quickly some exploits can be taken advantage of before they are patched.