Security researchers have discovered a new type of sophisticated iPhone spyware, signaling that Apple's devices are still threatened even if NSO Group shuts down its surveillance tools.
Researchers at the Citizen Lab on Thursday published new findings on a spyware tool dubbed Predator. The tool is built and sold by little-known mercenary surveillance company Cytrox.
The team found the spyware on the smartphones of two Egyptians — an exiled politician and a news program host. The iPhone of the politicians phone, Ayman Nour, was compromised both by Predator and NSO Group's Pegasus — and each was apparently operated by different government clients.
Both of the victims were attacked with the Predator spyware in June 2021. Citizen Lab indicates that the spyware made it onto a target iPhone through single-click links send via WhatsApp. They were able to infect iPhone models running iOS 14.6, which was the latest version of the software at the time.
Nour only became suspicious that his device was compromised when he noticed that it was "running hot." Citizen Lab then analyzed the device and reviewed logs from his phone. The security researchers believe that the attacks originated from the Egyptian government.
Cytrox is part of the so-called "Intellexa alliance," which is a network of mercenary spyware vendors that emerged in 2019. Although originally based in Cyprus, recent reports indicate that Intellexa now operates in Greece.
Spyware targeting iPhone devices is becoming spotlighted in the public eye after controversy surrounding a surveillance product made by Israeli company NSO Group.
The NSO Group-developed Pegasus spyware has been used by government actors to target political dissidents, activists, and journalists — and members of the U.S. State Department. Security researchers at Google's Project Zero in December suggested that NSO Group's surveillance capabilities rival those of nation-states.
Apple sued NSO Group in November in an attempt to hold the company accountable for its surveillance of iPhone users. The company is reportedly mulling shutting down its Pegasus spyware because of the financial and legal pressure.