A detailed analysis of the commercial spyware known as Predator highlights its evolving capabilities and business model. Researchers from Cisco Talos found that Predator’s ability to persist between reboots became an “add-on feature” offered to customers, depending on their chosen licensing options. This sophisticated spyware, developed by the Intellexa Alliance consortium, targets both Android and iOS, and its multimillion-dollar licensing model makes it a costly tool for espionage, requiring significant resources and technical know-how.
The alliance behind Predator includes Cytrox (later acquired by WiSpear), Nexa Technologies, and Senpai Technologies. The alliance was added to the U.S. Entity List in July 2023 for trafficking in cyber exploits used for unauthorized access to information systems. The recent analysis sheds light on the symbiotic relationship between Predator and another component called Alien, which is crucial for Predator’s effective functioning. This pairing exemplifies a sophisticated approach to espionage: the two components must collaborate continuously to carry out successful spying operations.
The licensing model for Predator is described as running into millions of dollars, depending on factors such as the initial exploit used for access and the number of concurrent infections. The pricing structure places Predator out of reach for casual hackers, emphasizing its use in advanced and targeted cyber-espionage operations. Additionally, the business model of Intellexa, the entity behind Predator, offloads the responsibility of setting up attack infrastructure to customers, providing plausible deniability for the company in case of exposure.
This intricate approach to cyber-espionage highlights the challenges faced by defenders in countering such advanced threats. The broader context of the analysis emphasizes the evolving landscape of cyber threats, especially in the realm of mobile spyware. The researchers argue that public disclosure of technical analyses and tangible samples of mobile spyware is crucial for enhancing scrutiny, improving detection efforts, and imposing development costs on vendors. While exposing offensive actors and their campaigns has led to successful attribution efforts, it appears to have limited impact on their ability to conduct business globally.
The need for ongoing public scrutiny and evolving detection methods is emphasized to keep up with the dynamic nature of advanced cyber threats like Predator.