Amnesty International’s Security Labs and the European Investigative Collaboration (EIC) have uncovered new evidence of a large-scale surveillance operation called “The Predator Files.” This operation involved the use of powerful spyware known as Predator, developed by Cytrox [5] [7], a subsidiary of surveillance company Intellexa [7]. The spyware targeted over 50 social media accounts in 10 countries [7], including political leaders and lawmakers. The project was led by reporters from various media outlets and included technical researchers from Amnesty International and The Citizen Lab [7]. The Predator malware was eventually banned by Meta Platforms Inc. [7], and both Cytrox and Intellexa were placed on a block list by the U.S. government [3] [5] [7] [8] [9].

Description

Amnesty International’s Security Labs and the EIC collaborated with journalists and researchers to uncover new evidence of a large-scale surveillance operation called “The Predator Files.” This operation involved the use of powerful spyware known as Predator, developed by Cytrox [5] [7], a subsidiary of surveillance company Intellexa [7]. The spyware targeted over 50 social media accounts in 10 countries [7], including political leaders such as the presidents of the European Parliament and Taiwan [7], as well as U.S. Congressman Michael McCaul and U.S. Senator Chris Murphy [7]. It only took one message or click to compromise a person’s digital life [7]. The project was led by reporters from various media outlets and included technical researchers from Amnesty International and The Citizen Lab [7]. The Predator malware was eventually banned by Meta Platforms Inc. [7], and both Cytrox and Intellexa were placed on a block list by the U.S. government [3] [5] [7] [8] [9].

Amnesty International’s Security Labs and the EIC also conducted an analysis that revealed new information about the Predator spyware. Between August and October 2021 [6], three separate campaigns were identified in which state-backed attackers exploited five different zero-day vulnerabilities to install the spyware on fully updated Android devices [6]. The spyware was sold to government-backed threat actors in multiple countries [6]. The campaigns used one-time links sent via email to targeted Android users [6], redirecting them to an attacker-owned domain that delivered the zero-day exploits [6]. The targeted devices were first infected with an Android malware called Alien [6], which loaded the Predator spyware [6]. Once installed, the spyware could access messages, calls [5], photos [5], and passwords on the user’s device [6]. It could also hide apps, add a certificate authority [5], and control the phone’s camera and microphone [5].

The analysis further highlighted Intellexa as the main distributor of Predator. Intellexa has been using various products from alliance partners to intercept and subvert mobile networks and Wi-Fi technologies [2] [8], sometimes with the help of Internet service providers (ISPs) [2] [8]. Sales of the Predator malware were traced to government contracts in Vietnam [7]. Amnesty International also found that other spyware products from Intellexa were used in 25 countries to undermine human rights and press freedom [7]. The investigation revealed that 25 countries have purchased invasive surveillance products from the alliance [9], including Switzerland [9], Austria [9], Germany [9], Oman [9], Qatar [9], Congo [9], Kenya [9], United Arab Emirates [9], Singapore [9], Pakistan [9], Jordan [9], and Vietnam [4] [7] [9]. The presence of the Predator spyware system was identified in countries such as Sudan, Mongolia [4] [9], Madagascar [4] [8] [9], Kazakhstan [4] [9], Egypt [4] [8] [9], Indonesia [4] [9], Vietnam [3] [4] [7] [9], and Angola [4] [9].

Amnesty International has conducted an investigation revealing that Predator spyware [3], developed by Israeli surveillance company Intellexa [3], has targeted at least 50 accounts belonging to 27 individuals and 23 institutions [3]. The spyware has the ability to access the microphone [3], camera [1] [3] [5], and data on infected devices without the user’s knowledge [3]. Among the targets are the President of the European Parliament [1] [3], UN officials [3], and US lawmakers [3]. The investigation suggests that a social media account named “@Joseph_Gordon16” was likely acting on behalf of the Vietnamese government or interest groups in the country [3], as it posted malicious links to infect devices with Predator spyware [3].

Conclusion

The widespread use of the Predator spyware highlights the potential for human rights abuses facilitated by the unchecked sale and transfer of surveillance technologies [7]. The operation also raises concerns about the failure of EU regulations to address the use of spyware [7]. The United States government has placed Intellexa on its “entity list” to restrict trading with American companies [9]. Amnesty International criticizes the lack of government safeguards against the use of these surveillance products [9], which undermine human rights [4] [7] [8] [9], press freedoms [4] [7] [8] [9], and social movements [4] [9].

To protect against such threats, it is important to keep software up-to-date [6], install antivirus software [6], be cautious about cookies [6], and use anti-tracking browser extensions [6]. Additionally, users can enroll in Google’s Advanced Protection Program for additional security [6].

References

[1] https://www.scmagazine.com/news/predator-files-report-prompts-call-for-worldwide-ban-on-spyware
[2] https://www.darkreading.com/endpoint/operation-behind-predator-mobile-spyware-industrial-scale
[3] https://www.brusselstimes.com/eu-affairs/729331/european-parliament-president-targeted-by-predator-spyware
[4] https://amnesty.ca/human-rights-news/predator-spyware-scandal-reveals-brazen-targeting-of-civil-society-politicians-and-officials/
[5] https://www.expressvpn.com/blog/how-to-detect-predator-spyware/
[6] https://www.tomsguide.com/news/this-dangerous-android-malware-spies-on-your-every-move-what-to-do
[7] https://siliconangle.com/2023/10/09/predator-files-describe-another-nefarious-global-spyware-campaign/
[8] https://vulnera.com/newswire/industrial-scale-operation-behind-predator-mobile-spyware-revealed/
[9] https://www.washingtonpost.com/politics/2023/10/06/meet-predator-files-latest-investigative-project-looking-into-spyware/