Alien Spyware Targets Android Users, Google Suspects The Actor Is Supported By This Country's Government!

A new spyware dubbed Alien is now targeting Android users around the world. (photo: doc. unsplash)

JAKARTA - A new spyware dubbed Alien is now targeting Android users around the world. Google's report states that Alien may contain Predator malware or viruses.

Allegedly, the spyware was developed by a company called Cytrox in North Macedonia. However, Google's Threat Analysis (TAG) group has identified it and got three active campaigns of the malware.

Google says that some of the exploits fall under the Alien spyware category, packaged by one commercial surveillance firm, Cytrox, and sold to various government-backed groups.

Online security research firm CitizenLab has also detected several attacks, and Google claims they are all linked to Alien spyware.

"We are assessing the possibility that government-backed actors who purchased this exploit are operating (at least) in Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain and Indonesia," Google said in its official blog, Tuesday, May 24.

The tech giant suspects a 0-day exploit that relies on Alien spyware is being used alongside some older exploits.

It appears that malware developers are actively trying to take advantage of the time difference between when some critical bugs are patched, but not flagged as a security issue and when these patches are fully implemented across the Android ecosystem.

The virus appears to be spread mainly via email. The victim receives an email message with a suspicious link. One of the links directs the victim to a website that installs the malware.

It then proceeds to load its main payload, which is the Predator virus before opening the originally intended website.

All three spyware campaigns send one-time links impersonating a URL shortening service to targeted Android users via email. Once clicked, the link will redirect the target to the attacker's domain that sent the exploit before redirecting the browser to a legitimate website.

Once this virus infects Android users, it has the potential to record audio, hide apps, and perform some other malicious activities. Google claims to have submitted a patch to address the vulnerability.

However, it is important for Android users to remain cautious about opening emails from unknown sources. In addition, email users may not click on links embedded in emails without first confirming the authenticity of the sender.