Predator: The Stonking New Generation of Spyware

The world of cybersecurity has recently been rattled by the discovery of a stonking new and potent piece of spyware known as Predator. Developed by Cytrox, a company based in North Macedonia, Predator represents a significant evolution in the capabilities of malicious software. This spyware has been sold to various governments worldwide, with the ability to record voice calls, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots.

Predator has been used against both Android and iOS mobile devices, and it works hand in hand with another component known as Alien. Alien is more than just a loader for Predator – it actively implements the low-level capabilities that Predator needs to surveil its victims. In the process, it exploits several vulnerabilities in Google Chrome, Linux, and Android.

The way these two components operate together allows them to bypass restrictions in the Android security model. One notable technique involves injecting Alien into the memory space reserved for Zygote64, which is the method Android uses to start apps. This allows the malware to better manage stolen data. Predator, on the other hand, relies on two additional components – Tcore and Kmem. Tcore contains the core spyware functionality, while Kmem provides arbitrary read and write access into the kernel address space.

But Predator’s menace doesn’t stop at Android devices. It has also been found to exploit vulnerabilities in iOS, leading to the release of an iOS 15.4.1 update to address these issues. Apple has patched the vulnerabilities under active exploitation, but it is a stark reminder of the ongoing arms race in the cybersecurity world.

While the discovery of Predator has sent shockwaves through the cybersecurity community, it also serves as a valuable reminder of the constant need for vigilance and proactive measures against such threats. The research conducted into Predator will surely help engineers build better defenses to detect the spyware and prevent it from working as designed. This stonking revelation underscores the significance of persistent research and development in the field of cybersecurity.

Predator vs Pegasus: Two Sides of the Same Coin

While Predator may be the new kid on the block, it isn’t the first software of its kind to make headlines. Those familiar with the cybersecurity world will likely remember the scandal surrounding the NSO Group’s Pegasus spyware. Like Predator, Pegasus is a powerful piece of software that has been used by governments worldwide for surveillance purposes.

Both Predator and Pegasus are capable of exploiting vulnerabilities in mobile devices to gain unprecedented access to the user’s data. They can record calls, read messages, and even activate cameras and microphones for real-time surveillance. This level of intrusion makes them some of the most potent spyware tools on the market.

Predator and Pegasus also share a more controversial similarity: their clientele. Both pieces of software are marketed to governments and law enforcement agencies, leading to concerns about potential misuse. Reports have surfaced of these tools being used not just for legitimate investigations, but also to spy on journalists, activists, and political opponents.

However, despite their similarities, Predator and Pegasus are not identical. Each piece of software has its unique features and exploits. For example, Predator works in tandem with another component known as Alien, which assists in bypassing security restrictions in Android’s security model. Pegasus, on the other hand, is known for its “zero-click” attacks, which can compromise a device without any action from the user.

While Predator and Pegasus may be different in their design and functionality, they represent a similar threat. They are both powerful tools that, in the wrong hands, can lead to significant breaches of privacy and security. As such, they underscore the importance of ongoing vigilance and proactive defense in the realm of cybersecurity.

The Risks to Journalists and Activists

The emergence of sophisticated spyware like Predator and Pegasus poses significant risks to journalists, activists, and others who work in the public interest. These tools are not just used for legitimate law enforcement investigations, but have been reportedly misused to target these individuals, potentially stifling free speech and endangering lives.

One stark example of this risk involves the case of Jamal Khashoggi, a Saudi journalist and critic of Saudi Arabia’s government. Khashoggi was brutally murdered in the Saudi consulate in Istanbul in 2018, a crime that drew international attention and condemnation.

Prior to his murder, it was reported that NSO Group’s Pegasus spyware was used to infiltrate the phone of one of Khashoggi’s close contacts. This potentially enabled his murderers to track his movements and communications, contributing to his death. While NSO Group has denied any involvement in Khashoggi’s murder, this incident underlines the potential misuse of such technologies.

The Khashoggi case is not isolated. There have been several reported instances where spyware like Pegasus and potentially Predator has been used to target journalists and activists. This misuse represents a significant threat to the freedom of the press and the right to privacy. It allows oppressive governments and other actors to monitor, harass, and silence individuals based on their political beliefs or activities.

Furthermore, the use of these tools can have a chilling effect on free speech and journalistic activities. If individuals fear that their communications are being monitored, they may be less likely to speak out or report on sensitive issues. This is particularly problematic in countries with repressive regimes where independent journalism and political activism are crucial checks on power.

In conclusion, while tools like Predator and Pegasus can have legitimate uses in law enforcement and counter-terrorism, their potential misuse poses serious threats to the rights of individuals. This highlights the need for robust legal and technical safeguards to prevent the misuse of these technologies, as well as greater transparency and accountability from companies that develop and sell such tools.


  1. Arstechnica: “Predator” spyware1​.
  2. Apple Insider: iOS 15.4.1 Update2​.
  3. Forbes: Google Chrome and Android Vulnerabilities3​.
  4. WiSpear Company Overview4​.
  5. TechCrunch: Cytrox Predator Phone Hacking5​.