Android users around the world are being targeted by a new spyware called "Alien". The spyware is said to have been developed by a company called Cytrox in North Macedonia. After infecting a device, it goes on to load further malware called "Predator". To make matters worse, Google's Threat Analysis Group (TAG) has identified at least three campaigns active in the wild.
(Screenshot via Citizen Lab)
Google says that the multiple vulnerabilities exploited by the Alien spyware were packaged and supplied by a commercial surveillance company called Cytrox, and sold to various government-backed entities.
At the same time, Citizen Lab, an online security research company, has also detected multiple attacks, and Google says they are all related to the Alien spyware.
Ivo Malinkovski, CEO of Cytrox, dressed in a "make money" T-shirt and posing in imitation of Jobs
Specifically, Google pointed out that the Alien spyware combined some zero-day vulnerabilities with older ones. The malware developers also appear to be actively looking for vulnerabilities that have been patched but have not received enough attention, exploiting the time gap before the patches are fully deployed across the Android ecosystem.
The main delivery channel is still ordinary e-mail. If the victim clicks on the suspicious link, they are redirected to a website hosting the malware. The website the victim originally expected is not opened until the other "payloads" (i.e. the Predator malware) have been loaded.
Example of a picture with a malicious link
Google added that all three spyware campaigns sent one-time links, generated with URL shortener services, to targeted Android users by e-mail.
Although the scope of the activity was relatively limited (usually covering only dozens of users), a victim who clicked on the malicious link was redirected to an attacker-controlled domain that delivered the exploits before sending the browser on to a legitimate site.
Data chart, 2021-06-22: Pegasus and Predator processes detected running simultaneously on the victim's mobile phone
It is said that, in addition to secretly recording audio and hiding applications, the malware also performs other malicious activities.
Finally, although Google says it has pushed a patch for the vulnerabilities, the majority of Android users still need to be highly vigilant about e-mail attachments and links from unknown sources.