Researchers Discover New Capabilities for Data Theft

Morgan Phisher February 17, 2024

Hey there, Bay Area folks! Today, let’s chat about some recent findings in the unending world of cybersecurity. Picture this: Imagine a spy versus spy scenario except it’s happening right inside the phone in your pocket. Mind-blowing, isn’t it?

Intrepid cybersecurity researchers have been on a mission, digging deep into a tricky piece of spyware called Predator. Remember when Google’s bright crew brought it to light back in May 2022? They found it poking around Chrome and Android, exploiting five different zero-day issues. Really wish its authors would stick to hunting bugs, but hey, c’est la vie.

So, what makes Predator tick? Turns out, it’s much more than the average pest. This little beast can record audio during phone and VoIP calls. That’s not all. It’s also sneaky enough to filch contacts and messages, nabbing data from apps like Signal, WhatsApp, and Telegram. Talk about sticky fingers! It can also hide other apps and make sure they don’t start up again when you reboot your phone.

It’s fascinating how it works, though. It doesn’t go solo. It has a sidekick – Alien, a loader that sets up the low-level perks Predator needs to snoop around, preparing it for some next-level espionage. Now, that’s teamwork!

Did I mention that these two are extraordinarily skilled at dodging Android’s security barriers, like Security-Enhanced Linux? Yeah, and that’s not even the most impressive part.

Alien normally sets up shop in an essential Android process named Zygote and installs other spyware modules, including the notorious Predator, fetched from an outside server. We’re still not sure how Alien gets activated on an infected device, but we suspect it has something to do with initial-stage exploits.

Predator, on the other hand, brings to the table a set of unique talents – data theft, surveillance, remote access, and even arbitrary code execution! It’s like the Swiss Army knife of spyware. It can add stuff to the store, look through various directories, and even peek into devices manufactured by the likes of Samsung, Huawei, Oppo, or Xiaomi.

Still, there are missing puzzle pieces. For instance, what is the mysterious tcore module doing? And what about the obscure kmem mechanism that apparently escalates privileges? We may not have all the answers, but one thing’s for sure: this spy duo certainly keeps security researchers on their toes!

What makes all this even more intriguing is the relationship between Predator and Alien. They’re two closely knit silicon-based buddies who work hand-in-glove to spy on victims – one couldn’t do it without the other. The relationship is so symbiotic, it’d make any biologist proud.

But remember, my friends, this isn’t all fun and nerdy intrigue. The use of commercial spyware has been soaring in recent years. While these technologies can be used by governments to fight crime and threats to national security, they can also be abused to surveil dissidents, journalists, human rights activists, or even ordinary folks.

Just imagine the notorious Pegasus spyware claiming a dozen unsuspecting victims in Armenia, hacking one of them almost 30 times between 2020 and 2021. A grim reminder of the deep and dark flip side of technology, and an urgent call for us all to stay vigilant and aware of the ever-evolving world of cybersecurity.

So, arm up, Bay Area. Take that extra step to fortify your cyber shield and keep bad players at bay. After all, who would want some pesky spyware to suddenly throw a wrench in our sweet digital lives? Stay safe out there, folks!

by Morgan Phisher | HEAL Security