World governments and paid hackers, the main source of newly discovered Android exploits

In case anyone was wondering, most of the newly discovered software vulnerabilities and malware used to attack computer systems are being developed by law enforcement agencies and with the funding of governments fighting in the online space.

According to information provided by Google Threat Analysis Group (TAG), a security company in Northern Macedonia called Cytrox has sold no less than four zero-day vulnerabilities discovered in the Chrome browser to groups of hackers known to be affiliated with actors. state. The list is also supplemented by a vulnerability that directly affects the Android system, facilitating the direct attack of the phones used by the designated “targets”.

The exact amounts paid are not known, but we find out that the respective groups of hackers have carried out numerous attacks in countries other than their home countries.

The purchases were incorporated into an invasive spyware application called “Predator”. Equipped with other functions for infiltration and information collection, the software has thus become a very powerful tool, made available to groups of hackers funded by state actors.

“We are confident that these exploits have been packaged by a single commercial surveillance company, Cytrox, and sold to various government-backed actors who have used them in at least three of the campaigns discussed below,” Google Threat researchers said. Analysis Group (TAG) explained in a blog post.

Also, that Cytrox would have assisted its own customers in exploiting vulnerabilities for which patches were already available, in the idea that the selected targets did not have updated devices. We can assume that in this case, the tariffs charged were slightly lower.

Hackers who bought Cytrox services and spyware were all over the world – Greece, Serbia, Egypt, Armenia, Spain, Indonesia, Madagascar and the Ivory Coast, according to Google TAG researchers.

But by far the most worrying thing is that most of the zero-day vulnerabilities discovered in the last year have been funded by private companies such as Cytrox, which have made this business a very profitable business.