Predator Mobile Malware Targets Android Phones

Security researchers with Google's Threat Analysis Group (TAG) have recently published detailed information on a piece of mobile malware affecting Android devices. The mobile malware is named PREDATOR and was used in several separate campaigns.

Threat actors spread Predator through another piece of mobile malware, fittingly named ALIEN. Alien was used as a loader for the Predator malware and abused privileged processes in compromised devices. The malicious combo of tools was able to record audio from the compromised device as well as hide installed applications and add CA certificates.

The three separate campaigns that were used to spread the mobile malware combo of Alien and Predator took place over several months in 2021, stretching between August and October. The attacks targeted a vulnerability in the Chrome browser and Samsung phones. The second campaign abused two documented vulnerabilities tracked as CVE-2021-37973 and CVE-2021-37976, respectively a use-after-free flaw and an information leak in a service.

The third campaign abused a couple of zero-day vulnerabilities in the Android release of Chrome, now logged under CVE-2021-38003 and CVE-2021-1048.

The vulnerabilities were discovered and patched quickly by Google back in 2021, and this update is more of a follow-through, providing some further specifics about the attacks.

May 20, 2022