Predator Spyware Targeted Mobile Phones in New Countries

March 4, 2024
Predator Spyware Targeted Mobile Phones in New Countries
  1. Home
  2. News
  3. Predator Spyware Targeted Mobile Phones in New Countries

The Predator spyware, at the heart of the Predator Files affair in 2023, is still used in many countries, according to cybersecurity provider Recorded Future.

The spyware developer Cytrox and its umbrella organization Intellexa were associated with human rights violations by the Predator Files, a media project launched in September 2023 and coordinated by the European Investigative Collaborations.

However, in a new report published on March 1, 2024, Insikt Group, Recorded Future’s threat intelligence team, discovered new campaigns targeting mobile phones in several countries with the Predator spyware.

Specifically, the threat researchers identified evidence of the likely continued use of Predator within at least 11 countries: Angola, Armenia, Botswana, Egypt, Indonesia, Kazakhstan, Mongolia, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago.

This is the first time Predator use has been identified in Botswana and the Philippines.

No Need for Major Changes Within Predator Infrastructure

In the report, Recorded Future’s Insikt Group described a new multi-tiered Predator delivery infrastructure network consisting of delivery servers, upstream servers, and infrastructure.

The firm assessed that this new infrastructure is “highly likely associated with Predator customers,” suggesting that the spyware operators have not ceased selling their product following the Predator Files.

Instead, they’ve continued operating by implementing minimal changes to their mode of operation.

The new multi-tiered infrastructure network includes:

  • Downstream delivery servers likely used for device exploitation and initial access. These host a domain spoofing feature targeted for particular entities that may be of interest to the target for social engineering purposes
  • A consistent upstream virtual private server (VPS) IP address over Transmission Control Protocol (TCP) port 10514. These upstream servers are very likely used as hop points for anonymization purposes
  • Static in-country internet service provider (ISP) IP addresses likely associated with Predator customers
Tags:

No tags.

JikGuard.com, a high-tech security service provider focusing on game protection and anti-cheat, is committed to helping game companies solve the problem of cheats and hacks, and providing deeply integrated encryption protection solutions for games.

Explore Features>>

Top

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
UK’s NCSC Offers Security Tips as Co-op Confirms Data Loss
May 6, 2025
None
Darcula Phishing as a Service Operation Snares 800,000+ Victims
May 6, 2025

Tags

Featured BlogsTop StoriesLayoffsBlogsCultureFeaturesGenerative AIGDC 2024Horror GamesUnityUbisoftValveStaff BlogOmdia | Game Industry AnalysisGame Developer EssentialsState of the Game Industry ReportGame Developer's 2024 Wrap-Up: Top Games Devs and TrendsGame Developer CollectiveAudioDesignerSpotlight SeriesDeep Divesunity encryption[Company] UnityArtist[Company] Xbox[Company] PlayStationCooking GamesAnti-modifierGame SecurityRootRoot detectionAssetbundle encryptionGodotCareer adviceQ&A'sGameGuardianModifierAnti-RootSignature verificationUnity Hardeningab package encryptioniOS resource encryptionCECheat EngineAnti-CrackingGame Anti-HackingAnti-Hacking

Recent

Top Mobile Game Security: Essential Solutions to Protect Your Game
Top Mobile Game Security: Essential Solutions to Protect Your Game
May 7, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
JNI Protection in Games
May 7, 2025
None
UK’s NCSC Offers Security Tips as Co-op Confirms Data Loss
May 6, 2025
None
Darcula Phishing as a Service Operation Snares 800,000+ Victims
May 6, 2025
None
Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks
May 6, 2025
None
Smishing Triad Upgrades Tools and Tactics for Global Attacks
May 6, 2025
None
Texas School District Notifies Over 47,000 People of Major Data Breach
May 6, 2025
None
Bungie's content cycling on Destiny 2 causes legal kerfuffle in plagiarism suit
May 6, 2025
None
NCSoft invests in TX-based studio founded by id, Naughty Dog alums
May 6, 2025

Popular

None
Ransomware Attacks Fall in April Amid RansomHub Outage
May 5, 2025
None
TikTok Fined €530m Over Transfers of European User Data to China
May 5, 2025
None
Harrods Latest UK Retailer to Fall Victim to Cyber-Attack in Recent Days
May 2, 2025
None
Third of Online Users Hit by Account Hacks Due to Weak Passwords
May 2, 2025
None
White House Warns China of Cyber Retaliation Over Infrastructure Hacks
May 2, 2025
None
CISA Confirms Exploitation of SonicWall Vulnerabilities
May 2, 2025
None
Microsoft's Q3 report shows slight Xbox growth as fresh price hikes loom
May 2, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Vox sells Polygon to Valnet in a blow to video game market
May 2, 2025
None
Compulsion Games boss: Generative AI usage 'is not mandated' at Xbox
May 2, 2025

Random

None
UK’s NCSC Offers Security Tips as Co-op Confirms Data Loss
May 6, 2025
None
UK Retailer Co-op Confirms Hack, Reports "Small Impact" to Its Systems
April 30, 2025
None
Texas School District Notifies Over 47,000 People of Major Data Breach
May 6, 2025
None
Compulsion Games boss: Generative AI usage 'is not mandated' at Xbox
May 2, 2025
None
'It was really wearing people down:' The funding challenges that followed 'runaway success' Another Crab's Treasure
May 1, 2025
None
Darcula Phishing as a Service Operation Snares 800,000+ Victims
May 6, 2025
None
Mastering String Encryption: Protect Your Games from Hackers
May 7, 2025
None
GTA VI has been delayed until 2026 but now has an actual release date
May 2, 2025
None
Smishing Triad Upgrades Tools and Tactics for Global Attacks
May 6, 2025
None
Microsoft Expands Cloud, AI Footprint Across Europe
April 30, 2025

Most Views

None
France Slams Russia’s APT28 for Four-Year Cyber-Espionage Campaign
April 30, 2025
None
JPMorgan CISO Urges SaaS Security Reset
April 30, 2025
None
US House Approves Bill to Assess Security Threats Posed by Foreign-Made Routers
April 30, 2025
None
DHS Head Accuses CISA of Acting Like “the Ministry of Truth”
April 30, 2025
None
UK Retailer Co-op Confirms Hack, Reports "Small Impact" to Its Systems
April 30, 2025
None
Microsoft Expands Cloud, AI Footprint Across Europe
April 30, 2025
None
RansomHub Refines Extortion Strategy as RaaS Market Fractures
April 30, 2025
None
Report: Russia aims to seize assets of former Wargaming subsidiary Lesta Studio
April 30, 2025
None
Report: EA lays off hundreds of workers after canceling games at Respawn Entertainment
April 30, 2025
None
'We are frustrated:' ZeniMax union workers continue to pressure Microsoft over contract negotiations
April 30, 2025