Predator spyware is still active and getting harder to track – here’s how to stay safe

After a few months of silence due to public attention and US sanctions, the Predator spyware is back and even better at evading detection.

This is the disturbing revelation that comes from experts at Insikt Group as they detect the new infrastructure of the mercenary spyware toll in multiple countries, including the Democratic Republic of Congo (DRC) and Angola.

“Predator is far from gone,” experts wrote. “Recent findings from Insikt Group reveal that Predator’s infrastructure is back with tweaks to evade detection and anonymize users.”

Developed by the Intellexa Alliance – a group of companies, many of which are based in the EU – Predator spyware is a highly invasive mobile hacking software (for both Android and iPhone) that is designed to leave minimal traces on compromised devices. It uses both one-click and zero-click attack vectors to install itself on targeted phones, exploiting vulnerabilities in the browser and network access.

To research suggest that this advanced mercenary spyware, similar to the infamous Pegasus developed by the Israeli company NSO Group, has been widely used by government agencies since 2019.

Predator is very dangerous because of the level of intrusion. Once the device is infected, the spyware has unlimited access to the microphone, camera and all the data of the users, such as contacts, messages, photos and videos, without their knowledge.

The latest report concluded that Predator operators have “significantly improved their infrastructure” by adding layers of complexity that make it even harder to track. The malware now has an additional layer in its delivery system that anonymizes customer activity. Simply put, it is now even harder for researchers to identify the countries that are using Predator and track how its use is spreading.

“The resurgence of Predator spyware is a stark reminder of the growing dangers of mercenary spyware,” experts wrote. “Public reporting, ongoing research, and stricter regulation are critical to minimizing the damage caused by tools like Predator.”

How to Protect Yourself from Predator Spyware

It is true that spyware tools are powerful malware and that it is very difficult to fully protect against them. For example, simply connecting to security software such as the best VPN and antivirus apps is not enough to combat the spyware threat. However, there are still a number of steps you can take to significantly reduce the risk of becoming a target.

As experts noted, “Predator infrastructure has evolved, making it more difficult to track and identify users. But with the right cybersecurity practices, individuals and organizations can reduce their risk of being targeted.”

So, if you are a public figure, such as a politician, journalist, activist, or company executive, you should be vigilant at all times. Below are the defensive measures suggested by Insikt Group that you should take to reduce the risk of a Predator attack:

• Make sure your software is always up to date. A piece of advice that never gets old: by staying up to date with updates on your device, you significantly reduce the chance of vulnerabilities that Predator could exploit.
• Restart your device regularly. Rebooting your device can also help disrupt spyware operations, so experts recommend doing it periodically. Keep in mind that a reboot may not be enough to completely eliminate advanced spyware.
• Enable lockdown mode. Available on both iPhones and Android phones, Lockdown Mode is a security feature that enhances the security of the device with strict controls, such as disabling biometric access.
• Improve the security of your organization. To protect your workforce, experts recommend implementing a Mobile Device Management (MDM) system and investing in security awareness training to educate your employees about online risks.