#Predator #spyware kan skjule kamera- og mikrofon-indikatorer på en iPhones skærm for at muliggøre lydløs optagelse

I modsætning til tidligere open source-exploits, der opnåede det samme resultat, kan Predator deaktivere indikatorerne, mens resten af skærmens brugergrænseflade forbliver aktiv

Spywaren er udviklet af et firma kaldet #Intellexa tidligere #Cytrox
https://www.jamf.com/blog/predator-spyware-ios-recording-indicator-bypass-analysis/

#Predator #Spyware Turns Failed Attacks Into Intelligence for Future Exploits

https://www.securityweek.com/predator-spywares-granular-anti-analysis-features-exposed/

#cybersecurity #Cytrox #privacy #Intellexa

Since 2020 in #Greece, the national intelligence agency #EYP has been implicated in using Israeli-made " #Cytrox #Predator " #spyware to target journalists, opposition and activists (having full access to its WhatsApp etc). This scandal led to significant resignations:

* Panagiotis Kontoleon, the head of Greek agency EYP, stepped down in August 2022.
* G. Voulgarakis, a senior aide to Prime Minister Kyriakos Mitsotakis, also resigned.

more in english: https://www.dnews.gr/eidhseis/news-in-english/522954/predator-spyware-intellexa-and-the-greek-surveillance-scandal-head-back-to-courtabout

#privacy

Would-be president pwned by President: #AhmedTantawy had phone hacked; #CitizenLab says Egyptian govt did it.

Fingered: @VodafoneEgypt, @Sandvine and #Cytrox itself. In today’s #SBBlogwatch, we rethink seeing pyramids. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2023/09/ios-zero-cytrox-predator-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

#Cybersecurity #Egypt #Spyware #Predator #Cytrox: "- Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp. The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections.

- In August and September 2023, Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone with Cytrox’s Predator spyware.

- During our investigation, we worked with Google’s Threat Analysis Group (TAG) to obtain an iPhone zero-day exploit chain (CVE-2023-41991, CVE-2023-41992, CVE-2023-41993) designed to install Predator on iOS versions through 16.6.1. We also obtained the first stage of the spyware, which has notable similarities to a sample of Cytrox’s Predator spyware we obtained in 2021. We attribute the spyware to Cytrox’s Predator spyware with high confidence.

- Given that Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the network injection attack to the Egyptian government with high confidence.

- Eltantawy’s phone was additionally infected with Cytrox’s Predator spyware two years prior, in November 2021, via a text message containing a link to a Predator website."

https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/