Citizen Lab has found Predator spyware from the North Macedonian company Cytrox on the iPhones of two Egyptian dissidents. Cytrox is said to be part of a European alliance of companies that want to compete with NSO Group.
Upon investigation, Citizen Lab found the Predator spyware on the iPhones of an Egyptian politician in exile and an Egyptian news show host. The spyware was found to have been installed in June via links sent via WhatsApp. The malware managed to infect iOS 14.6 and download a shortcutsautomation to ensure that the spyware remains after a reboot.
Predator is spyware developed by Cytrox, originally a North Macedonian company that makes attack software for governments, among others. The company is said to be part of Intellexa, an alliance of spyware companies created to compete with the NSO Group as a partnership “based and regulated in Europe with research labs in Europe.” Incidentally, the research organization not only found Predator on the iPhones, but also Pegasus, the spyware that was specifically developed by NSO. Citizen Lab describes the findings in a comprehensive report.
The organization shared information about the malware with Meta, which subsequently deleted three hundred Cytrox accounts on Facebook and Instagram. The accounts would pose as news organizations in phishing campaigns, among other things. The removal of the accounts is part of a broader campaign by Meta aimed at hiring surveillance services.
Different stages of corporate surveillance on Meta . platforms