State trojan “Predator” targeted at Egyptian presidential candidate
A spyware consortium called Intellexa chained together a series of zero-day vulnerabilities in Apple's mobile operating system that were unknown until a few days ago, creating a gateway for the Predator surveillance software. The iPhone of the Egyptian politician Ahmed Eltantawy, a former member of parliament and candidate in the 2024 presidential elections, was demonstrably spied on in this way, and the Egyptian state is most likely behind the operation. This is what security specialists from Citizen Lab discovered in collaboration with Google's Threat Analysis Group (TAG).
Crafted text messages – politician became suspicious
Eltantawy was also the leader of the al-Karama party and announced in March this year that he would run as a candidate in next year's presidential election. From May to September, according to the report by the Canadian Citizen Lab, there were attempts to install the spyware "Predator" from the Intellexa subsidiary Cytrox on Eltantawy's iPhone. These attempts consisted of SMS and WhatsApp messages sent to the politician that contained links to crafted websites.
In addition, his iPhone was the target of a network injection attack from August to September. According to the Citizen Lab analysis, special hardware for delivering the spyware must have been installed at the interface to the network of Vodafone Egypt (the politician's provider), and in any case within Egypt, from which his smartphone was monitored. During this period, when Eltantawy visited certain unencrypted websites, he was redirected to crafted websites that attempted to infect his iPhone with Predator. Eltantawy became suspicious and gave his smartphone to Citizen Lab for analysis.
Targeted eavesdropping on presidential candidates
During the investigation, the specialists from Citizen Lab and Google TAG uncovered a number of security holes that were chained together to make the attack possible, with the aim of installing spyware. Citizen Lab also analyzed the first component of this spyware to be installed; it is very similar to the well-known commercial spyware Predator from Cytrox. Since Egypt is known to be a Cytrox customer, Citizen Lab concludes that it is very likely that the Egyptian government (and institutions acting on its instructions) was behind the attack on Eltantawy. The attack is specifically tailored to iOS versions up to and including 16.6.1.
The security holes exploited in this attack are exactly the three that Apple only closed on Thursday of this week (September 21st). They affect iOS before version 16.7 and the recently released iOS 17 (the current version is 17.0.1), as well as iPadOS, macOS and watchOS. An update is strongly recommended.
Spyware against people critical of the government
Citizen Lab previously uncovered a Predator spyware attack on two Egyptian politicians. In 2021, two Egyptian exiles were affected, whose smartphones were also infected with the Pegasus spyware from competitor NSO Group. And the year before, Citizen Lab uncovered an attack on Al-Jazeera journalists. The Predator spyware has by now been analyzed quite thoroughly and is also used against Android smartphones. Recently, people in Poland who were critical of the government were also affected; their phones fell victim to Pegasus and they are said to have been completely surveilled.