Accordingly reportThe spyware Predator and its downloader Alien were released in Canada on Thursday by Cisco Talos with the support of the non-profit Citizen Lab and have more spying functions than previously thought. The malware was found to be able to record nearby voice calls and audio, collect Signal and WhatsApp data, and hide apps or prevent them from running when the device is restarted.
Predator and Alien have been around since at least 2019 and are part of a larger package developed by Cytrox and now called Intellexa, the marketing name for a number of surveillance system vendors formed in 2019. Other companies in the consortium are Nexa Technologies (formerly Amesys), WiSpear/Passitora Ltd. and Senpai.
In a published report on the Android version of the code, Talos points out that Alien isn’t just a Predator loader, but that both work together to enable all kinds of spying and intelligence gathering on jailbroken devices. “When these components are used together, they offer multiple opportunities for information theft, surveillance, and remote access.‘ say the researchers.
The program tandem can secretly record the sound of phone calls and VoIP applications, steal data from Signal, WhatsApp and Telegram, as well as hide applications or prevent them from starting after restarting the device. Like other spyware like Pegasus, which doesn’t require user interaction to infect victims’ devices, Predator and Alien have been proven to use zero-day vulnerabilities and other flaws to infect and hijack Android phones.
Talos admits that they cannot access all components of the spyware without a full examination of the code.This list of features should not be considered exhaustiveHowever, the company does point out that features also include geolocation tracking, camera access, and a powered-off phone simulation, making it easier to spy on a victim without them knowing.