Madagascar’s government services have reportedly utilized the Predator spyware to engage in domestic surveillance leading up to the country’s presidential election in November. This revelation comes from research conducted by cybersecurity firm Sekoia, which discovered that a watering hole attack was employed to distribute the spyware. Links to download the malware were embedded in WordPress blogs that featured genuine articles from the Madagascan newspaper Midi Madagasikara. Unsuspecting users who clicked on these links unknowingly downloaded the spyware onto their devices. To obscure the malicious intent, URL shorteners were used.
Sekoia’s investigation further revealed that various nations across Africa, the Middle East, and beyond have also been employing the Predator spyware to monitor their citizens. Angola’s government services were found to be utilizing the spyware, while the intelligence services in Kazakhstan also purchased and leveraged the same technology.
By actively examining an infrastructure cluster associated with the spyware, Sekoia identified a total of 121 active domain names in Angola, Egypt, and the Persian Gulf region. These findings suggest the widespread use of the Predator spyware by government entities.
The Predator spyware, developed by European company Cytrox, is capable of targeting both Android and Apple iOS operating systems. Recent instances of the spyware being distributed involved zero-click attacks against targets in Egypt. Citizen Lab, a research organization, has documented one such case involving former Egyptian MP Ahmed Eltantawy. Eltantawy was specifically targeted through network-based injection, which redirected him to malicious web pages when he visited non-HTTPS sites. A zero-day exploit was then used to successfully install the Predator spyware on his iPhone.
The revelations regarding the extensive use of the Predator spyware raise concerns about the potential abuse of surveillance technology by governments for the purpose of political surveillance. In the case of Madagascar, the spyware was employed ahead of the presidential election, indicating a potential infringement on people’s privacy and individual rights. Similar concerns apply to other countries that have utilized the Predator spyware.
The proliferation of surveillance tools like Predator highlights the need for increased cybersecurity measures and user awareness. Individuals should exercise caution when visiting websites and downloading files, especially from unknown or suspicious sources. Additionally, government entities must establish and adhere to legal frameworks that ensure appropriate use of surveillance technologies, striking a balance between security concerns and citizens’ rights to privacy.
The findings from Sekoia’s research shed light on the global nature of cyber espionage and the growing sophistication of surveillance tools. As technology advances, it becomes increasingly crucial for governments, tech companies, and individuals to actively collaborate in protecting privacy, digital rights, and democratic processes from unauthorized surveillance and cyber threats.
