The Android Predator spyware has more surveillance capabilities than previously suspected, according to analysis by Cisco Talos, with an assist from non-profit Citizen Lab in Canada.
Predator and its loader Alien have been around since at least 2019, and are part of a larger suite developed by Cytrox, now called Intellexa. The software, which is designed to spy on and extract data from the devices it’s slipped into, is available for Google Android and Apple iOS.
In its deep dive published on Thursday, which examines the Android version of the code, Talos suggests Alien is more than just a loader for a Predator, and that the two work in combination to enable all kinds of espionage and intelligence-gathering activities on compromised devices.
“When used together, these components provide a variety of information stealing, surveillance and remote-access capabilities,” the researchers said.
This includes recording audio from phone calls and VoIP apps; stealing data from Signal, WhatsApp and Telegram; and even hiding applications or preventing them from running after a device reboots.
However, Talos admits they don’t have access to all the spyware’s components, so without a full examination of the code, “this capability list should not be considered exhaustive,” they add. Still, Talos theorizes that the surveillance capabilities include geolocation tracking, camera access, and making it appear that the phone has powered off — which makes it easier to spy on a victim without their knowledge.
Like fellow snoopware Pegasus, which needs zero user interaction to infect