Predator

Malware updated 2 months ago (2024-10-06T15:01:04.182Z)

Download STIX

Preview STIX

Predator is a highly invasive malware known for its extensive data-stealing and surveillance capabilities. The malicious software, developed by the Intellexa Consortium, a complex international network of decentralized companies, can infect systems through suspicious downloads, emails, or websites and then proceed to steal personal information, disrupt operations, or even hold data hostage for ransom. Cytrox Holdings ZRT initially developed the Predator spyware before production moved to Cytrox AD in North Macedonia. Thalestris Limited, an Ireland-based entity within the Intellexa Consortium, holds distribution rights to the Predator spyware and acts as a financial holding company for the Consortium. Recently, Predator operators have added several layers to enhance their infrastructure, anonymize operations, and evade detection, making it more difficult to identify which countries are using the spyware. In Egypt, recently patched Apple and Chrome zero-days were exploited to infect devices with Predator spyware. Zero-day brokers and commercial spyware vendors can exploit these vulnerabilities to target mobile users and deploy malware like Predator. Baseband exploits are frequently listed in exploit marketplaces with low payouts, indicating their abundance. In early September 2024, researchers from Recorded Future warned that the Predator spyware has resurfaced with fresh infrastructure after a decline caused by US sanctions against the Intellexa Consortium. This resurgence highlights Predator’s ongoing use in countries such as the Democratic Republic of the Congo (DRC) and Angola. While Predator continues to pose significant privacy and security risks, especially to high-profile individuals like politicians and executives, new infrastructure changes make tracking users more difficult. Felix Bitzios, an owner and manager of Intellexa S.A., was involved in supplying Predator to foreign governments.

Description last updated: 2024-10-06T14:15:35.252Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Predator Spyware is a possible alias for Predator. Predator Spyware is a malicious software known for its extensive data-stealing and surveillance capabilities. It has been designed to exploit and damage devices, often infiltrating systems via suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal	5

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Spyware

Malware

Exploit

Exploits

Ios

Intellexa

Zero Day

Android

Source

Infostealer

Government

Implant

Chrome

Vulnerability

Cytrox

Tool

Apple

Apt

Ransomware

Remote Code ...

Loader

Ddos

Google

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Pegasus Malware is associated with Predator. Pegasus is a highly controversial and sophisticated malware, developed by Israel's NSO Group, designed to covertly monitor and extract data from iOS and Android smartphones. Once installed, Pegasus can intercept messages, emails, media, and passwords, and track location data, all while evading detec	Unspecified	7

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2023-41991 Vulnerability is associated with Predator. CVE-2023-41991 is a critical software vulnerability discovered within Apple's Security framework, as part of an exploit chain that included two additional vulnerabilities (CVE-2023-41992 and CVE-2023-41993) found in the WebKit browser engine and Apple's kernel framework. These flaws were reported by	Unspecified	3
The CVE-2023-41993 Vulnerability is associated with Predator. CVE-2023-41993 is a software vulnerability discovered in Apple's WebKit browser engine. This flaw, along with two others (CVE-2023-41991 and CVE-2023-41992), was identified as being exploited in attacks in the wild, prompting Apple to release emergency security updates. These vulnerabilities allowed	Unspecified	3
The CVE-2023-41992 Vulnerability is associated with Predator. CVE-2023-41992 is a significant vulnerability discovered in Apple's Kernel Framework, which provides APIs and support for kernel extensions and kernel resident device drivers. This flaw in software design or implementation allows local attackers to exploit it and escalate their privileges within the	Unspecified	3
The CVE-2023-5217 Vulnerability is associated with Predator. CVE-2023-5217 is a high-severity zero-day vulnerability identified within the VP8 encoding of the open-source libvpx video codec library utilized by Google Chrome. The flaw, a heap buffer overflow, was capable of causing application crashes or allowing arbitrary code execution, thereby making it a s	Unspecified	2
The CVE-2023-4762 Vulnerability is associated with Predator. CVE-2023-4762 is a software vulnerability, specifically a remote code execution flaw in the Chrome web browser. This vulnerability was identified by researchers from Google's Threat Analysis Group (TAG) in September 2023, around the same time Apple disclosed its own zero-day bugs. The vulnerability	Unspecified	2

Source Document References

Information about the Predator Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	2 months ago	Google Pixel 9 supports new security features to mitigate baseband attacks
Securityaffairs	2 months ago	U.S. Treasury issued fresh sanctions against entities linked to the Intellexa Consortium
DARKReading	2 months ago	Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets
InfoSecurity-magazine	2 months ago	US Ramps Up Sanctions on Spyware-Maker Intellexa
BankInfoSecurity	2 months ago	More US Sanctions Against Predator Spyware Maker Intellexa
Securityaffairs	2 months ago	Predator spyware operation is back with a new infrastructure
DARKReading	2 months ago	Commercial Spyware Use Roars Back Despite Sanctions
InfoSecurity-magazine	2 months ago	Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions
Recorded Future	3 months ago	Predator Spyware Infrastructure Resurfaces Post-Sanctions – What You Need to Know
DARKReading	4 months ago	Sophisticated Android Spyware Targets Users in Russia
CERT-EU	9 months ago	Predator Spyware Targeted Mobile Phones in New Countries
Recorded Future	4 months ago	Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices
InfoSecurity-magazine	6 months ago	Cybercriminals Exploit Cloud Storage For SMS Phishing Scams
Securityaffairs	7 months ago	U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
CERT-EU	8 months ago	12 Months of Fighting Cybercrime & Defending Enterprises \| #cybercrime \| #infosec \| National Cyber Security Consulting
Securityaffairs	8 months ago	Security Affairs newsletter Round 463 by Pierluigi Paganini
CERT-EU	8 months ago	Officer Joshua Rodriguez is honored for his work in stopping alleged child predator \| News \| #childpredator \| #kidsaftey \| #childsaftey \| National Cyber Security Consulting
CERT-EU	8 months ago	Confronted with Chinese hacking threat, industrial cybersecurity pros ask: What else is new?
CERT-EU	8 months ago	Health care groups resist cybersecurity rules in wake of landmark breach
CERT-EU	8 months ago	GRIT Ransomware Report: February 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting