Predator

Malware Profile Updated 14 days ago
Predator is a potent mercenary spyware product that, alongside NSO Group's Pegasus, remains one of the leading offerings in the mercenary spyware market. Despite public disclosures in September 2023, Predator's operators have continued their operations with minimal changes, exploiting recently patched zero-day vulnerabilities in Apple and Chrome software to infect devices in Egypt. Key findings from Insikt Group's research include the identification of a new multi-tiered Predator delivery infrastructure, based on domain analysis and network intelligence data.

The use of such spyware poses significant risks to privacy, legality and physical safety, especially when it is used outside serious-crime and counterterrorism contexts. Despite being marketed for counterterrorism and law enforcement purposes, Predator has often been used against civil society, targeting journalists, politicians and activists. No specific victims or targets have been identified in this latest activity. This recent investigation marks the first identification of Predator customers in Botswana and the Philippines.

New research from Recorded Future's Insikt Group examines newly discovered infrastructure related to the operators of Predator, a mercenary mobile spyware. Intellexa, another product offered by the same group behind Predator, includes Mars, a network injection system installed at mobile operators' ISPs. This system silently redirects any unencrypted HTTP request from a smartphone to a Predator infection server. Jupiter, an add-on for Mars, enables injection into encrypted HTTPS traffic, but only works with domestic websites hosted by a local ISP. The exploitation of these tools, and the integration of AI such as ChatGPT with Predator, pose significant risks to cloud services.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (Votes): Profile Description
Predator Spyware (4 votes): Predator Spyware is a type of malware, or malicious software, that has recently been identified as a significant threat to digital security. This harmful program infiltrates devices without the user's knowledge, often through suspicious downloads, emails, or websites. Once installed, it can steal pe
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Spyware
Malware
Exploit
Intellexa
Zero Day
Android
iOS
Government
Vulnerability
Implant
Apple
Cytrox
Exploits
Infostealer
Chrome
APT
Ransomware
Loader
DDoS
Google
Telegram
Known Exploi...
Backdoor
Trafficking
Phishing
India
curl
NetScaler
Windows
Bot
European
Tool
Fraud
Trojan
YouTube
Colorado
Ransom
Kaspersky
Cybercrime
Talos
Meta
France
RAT
FBI
Israeli
MOVEit
Cisco
Angola
AWS
Magento
WhatsApp
Payload
macOS
Remote Code ...
Facebook
Source
RCE (Remote ...
WordPress
XSS (Cross S...
Discord
iPadOS
AitM
Scams
EU
Greece
CyberScoop
Police
Linux
Smishing
Associated Malware
ID (Type, Votes): Profile Description
Pegasus (Unspecified, 7 votes): Pegasus is a highly sophisticated malware developed by the NSO Group, known for its advanced and invasive capabilities. It is classified as mercenary spyware, often used by governments to target individuals such as journalists, political activists, and others of interest. Pegasus is particularly not
P2Pinfect (Unspecified, 1 vote): P2Pinfect is a malicious software (malware) that has recently been updated to target Redis servers with miners and ransomware, as well as routers and Internet of Things (IoT) devices. This malware infects systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once
SprySOCKS (Unspecified, 1 vote): SprySOCKS is a new strain of malware that has recently been added to the arsenal of Earth Lusca, an advanced persistent threat (APT) group known for its sophisticated cyberattacks. Malware, short for malicious software, is designed to exploit and damage computers or devices without the user's knowle
Red October (Unspecified, 1 vote): Red October is a sophisticated malware, also known by aliases such as Clean Ursa, Inception, Oxygen, and Cloud Atlas. This malicious software has been utilized by an active cyber espionage group since at least 2014, targeting several countries including Russia, Belarus, Azerbaijan, Turkey, and Slove
QakBot (Unspecified, 1 vote): Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e
Taurus (Unspecified, 1 vote): Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal
Taurus Infostealer (Unspecified, 1 vote): None
LockBit (Unspecified, 1 vote): LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Mars (Unspecified, 1 vote): Mars is a malicious software (malware) that has been discovered by Trend Micro's Mobile Application Reputation Service (MARS) team. This malware is particularly damaging as it involves two new Android malware families related to cryptocurrency mining and financially-motivated scam campaigns, targeti
TRITON (Unspecified, 1 vote): Triton is a sophisticated malware that has been historically used to target the energy sector. It was notably used in 2017 by the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM) to attack a Middle East petrochemical facility. The malware, also known as Trisis and
Royal Ransomware (Unspecified, 1 vote): Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi
LuaDream (Unspecified, 1 vote): LuaDream is a type of malware, specifically designed to exploit and damage computer systems or devices. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or
Associated Threat Actors
ID (Type, Votes): Profile Description
Earth Lusca (Unspecified, 1 vote): Earth Lusca, a threat actor known for its malicious activities in the cyber world, has recently expanded its arsenal with the addition of a new tool, SprySOCKS Linux malware. This development was reported by Security Affairs in October 2020. Earth Lusca can be an individual, a private company, or pa
AndroxGh0st (Unspecified, 1 vote): AndroxGh0st is a threat actor or hacking group that has been identified as a significant cybersecurity concern. The group utilizes a botnet for victim identification and exploitation, with alerts raised by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Ag
ShadowSyndicate (Unspecified, 1 vote): ShadowSyndicate, a threat actor that emerged in 2019, has been implicated in multiple ransomware operations according to cybersecurity firm Group-IB. The group is known for its affiliations with various ransomware groups and programs, and has been involved in several ransomware projects such as JSWO
AlphV (Unspecified, 1 vote): AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
Insomnia (Unspecified, 1 vote): Insomnia, as a cybersecurity term, refers to a threat actor group that is responsible for carrying out malicious activities. These threat actors could be individuals, private companies, or government entities. The naming conventions in the cybersecurity industry can often be confusing due to lack of
Associated Vulnerabilities
ID (Type, Votes): Profile Description
CVE-2023-41991 (Unspecified, 3 votes): CVE-2023-41991 is a critical software vulnerability discovered within Apple's Security framework, as part of an exploit chain that included two additional vulnerabilities (CVE-2023-41992 and CVE-2023-41993) found in the WebKit browser engine and Apple's kernel framework. These flaws were reported by
CVE-2023-41992 (Unspecified, 3 votes): CVE-2023-41992 is a significant vulnerability discovered in Apple's Kernel Framework, which provides APIs and support for kernel extensions and kernel resident device drivers. This flaw in software design or implementation allows local attackers to exploit it and escalate their privileges within the
CVE-2023-41993 (Unspecified, 3 votes): CVE-2023-41993 is a software vulnerability discovered in Apple's WebKit browser engine. This flaw, along with two others (CVE-2023-41991 and CVE-2023-41992), was identified as being exploited in attacks in the wild, prompting Apple to release emergency security updates. These vulnerabilities allowed
CVE-2023-4762 (Unspecified, 2 votes): CVE-2023-4762 is a software vulnerability, specifically a remote code execution flaw in the Chrome web browser. This vulnerability was identified by researchers from Google's Threat Analysis Group (TAG) in September 2023, around the same time Apple disclosed its own zero-day bugs. The vulnerability
CVE-2023-5217 (Unspecified, 2 votes): CVE-2023-5217 is a high-severity zero-day vulnerability identified within the VP8 encoding of the open-source libvpx video codec library utilized by Google Chrome. The flaw, a heap buffer overflow, was capable of causing application crashes or allowing arbitrary code execution, thereby making it a s
CVE-2023-4863 (Unspecified, 1 vote): CVE-2023-4863 is a critical vulnerability that has been identified in various major software applications, including Microsoft Windows and Server, Microsoft Edge, Microsoft Office, Word and 365 Apps, Google Chrome, Mozilla Firefox and Thunderbird, and the libwebp library used for handling WebP bitma
CVE-2023-5009 (Unspecified, 1 vote): None
CVE-2023-36845 (Unspecified, 1 vote): CVE-2023-36845 is a significant software vulnerability, specifically a PHP external variable modification bug, identified by WatchTowr Labs' security researchers. The flaw was part of a series of vulnerabilities linked to the SRX firewall system, including a missing authentication for critical funct
Source Document References
Information about the Predator malware was read from the documents corpus below. This display is limited to 20 results.
Source (Created At): Title
Recorded Future (14 days ago): Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices
InfoSecurity-magazine (2 months ago): Cybercriminals Exploit Cloud Storage For SMS Phishing Scams
Securityaffairs (3 months ago): U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
CERT-EU (4 months ago): 12 Months of Fighting Cybercrime & Defending Enterprises | #cybercrime | #infosec | National Cyber Security Consulting
Securityaffairs (4 months ago): Security Affairs newsletter Round 463 by Pierluigi Paganini
CERT-EU (4 months ago): Officer Joshua Rodriguez is honored for his work in stopping alleged child predator | News | #childpredator | #kidsaftey | #childsaftey | National Cyber Security Consulting
CERT-EU (4 months ago): Confronted with Chinese hacking threat, industrial cybersecurity pros ask: What else is new?
CERT-EU (4 months ago): Health care groups resist cybersecurity rules in wake of landmark breach
CERT-EU (4 months ago): GRIT Ransomware Report: February 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (4 months ago): Training days: How officials are using AI to prepare election workers for voting chaos
CERT-EU (4 months ago): Not everything has to be a massive, global cyber attack
CERT-EU (4 months ago): FCC approves cybersecurity label for consumer devices
CERT-EU (4 months ago): New Hampshire voters sue operative, companies behind Biden AI robocall
CERT-EU (4 months ago): Top cybersecurity officials stress more funding for federal agencies
CERT-EU (4 months ago): What resources do small utilities need to defend against cyberattacks?
CERT-EU (4 months ago): As Sanctions Continue, Malware Purveyors Starting To Worry It Won't Be As Easy To Sell Spyware To Bad People
CERT-EU (4 months ago): FBI warns sextortion of teenagers is on the rise
CERT-EU (4 months ago): Biden's budget proposal seeks funding boost for cybersecurity
CERT-EU (4 months ago): Former College Track and Field Coach Sentenced to Five Years in Prison for Sextortion, Cyberstalking, and Cyber Fraud
Malwarebytes (4 months ago): A week in security (March 4 - March 10) | Malwarebytes