Egyptian presidential hopeful targeted by Predator spyware
Citizen Lab said it had “high confidence” that the Egyptian government was responsible for the failed hacking attempt. The effort targeted journalist and former member of parliament Ahmed Eltantawy and was first reported by Mada Masr, an independent Egyptian news organization. Eltantawy had been living briefly in Lebanon but moved back to Egypt in May.
Zero-day exploits are particularly dangerous and valuable because they take advantage of as-yet-undiscovered security gaps. In this case, Eltantawy would not have had to click on anything to be infected.
“A full zero-day exploit chain like this, that’s capable of installing spyware on the latest and greatest iPhones — there’s not many of those that get caught, a few a year,” said Bill Marczak, a senior research fellow at Citizen Lab. “These things are very expensive to develop. If you look at brokers that buy and sell and publish price lists online, this would go for several million dollars.”
In July, the Biden administration blacklisted Cytrox, which makes Predator, and Intellexa, the business alliance to which Cytrox belongs, by adding them to the Commerce Department’s “entity list,” which places harsh licensing and trade restrictions on them. The administration said they trafficked “in cyber exploits used to gain access to information systems, thereby threatening the privacy and security of individuals and organizations worldwide.”
Once installed on a phone, Predator can steal passwords, log keystrokes, take data from various apps, copy chat messages and record calls, including those made within encrypted applications, Marczak said.
Like other…