Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Madagascar Drops Predator Spyware on Citizens in Watering Hole Attack

The Predator spyware was distributed by dropping malicious links inside typosquatted facsimiles of news websites.

Ring tailed lemurs (Lemur catta) drinking water at a pond
Source: Ger Bosma via Alamy Stock Photo

Madagascar's government services — such as police or domestic intelligence — have apparently purchased and leveraged Predator to conduct political domestic surveillance ahead of a presidential election in November.

According to research by Sekoia, the effort was a watering hole attack: Links to download the spyware were added to WordPress blogs containing genuine articles taken from the Madagascan newspaper Midi Madagasikara. Anyone looking for the legitimate story could have ended up on the malicious page and gone on to download the spyware, according to the firm. The malicious links were obscured with URL shorteners.

Other assessments by the company showed that nations across the Middle East, Africa, and beyond have been using the Predator spyware in efforts to monitor citizens. In particular, it determined that Angola's government services used Predator, while Kazakhstan intelligence services purchased and used the spyware too.

Sekoia said active checks of an infrastructure cluster related to the spyware found that in total, there were 121 active domain names including in Angola, Egypt and the Persian Gulf.

The Predator spyware was developed by European company Cytrox and is used to target both Android and Apple iOS operating systems. Recently, it was spotted being delivered in zero-click attacks against targets in Egypt. According to Citizen Lab, one of those targets was former Egyptian MP Ahmed Eltantawy, who was targeted via network-based injection that redirected him to malicious Web pages when he visited non-HTTPS sites. There, a zero-day exploit was used to install Predator on his iPhone. 

About the Author(s)

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights