Cytrox
Cytrox
Main page

Cytrox

logo
Community Hub0 subscribers
What are your thoughts?
Be the first to start a discussion here.
Be the first to start a discussion here.
Cytrox

Cytrox is a company established in 2017 that makes malware used for cyberattacks and covert surveillance. Its Predator spyware was used to target Egyptian politician Ayman Nour in 2021 and to spy on 92 phones belonging to businessmen, journalists, politicians, government ministers and their associates in Greece. In 2023, the U.S. Department of Commerce added the Cytrox companies Cytrox AD in North Macedonia, and Cytrox Holdings Zrt in Hungary to its Entity List and on 5 March 2024, the U.S. Department of Treasury imposed sanctions upon Cytrox AD of North Macedonia and the Intellexa Consortium, which is the parent firm of Cytrox AD, "for trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide."

Cytrox was established in 2017, reportedly as a startup in North Macedonia and received initial funding from Israel Aerospace Industries. Its Crunchbase article describes it as providing an "operational cyber solution" to governments, including gathering information from devices and cloud services. Cytrox's CEO is Ivo Malinkovski. A review of corporate registry documents by the University of Toronto's Citizen Lab indicated that Cytrox has a presence in Israel and Hungary.

In 2019, Forbes reported that Cytrox was rescued by Tal Dilian, a former commander of the Israel Defense Forces (IDF), who acquired the company for under $5 million. Dilian served in the IDF for 25 years prior to his departure, following accusations that he had unlawfully enriched himself. Dilian demonstrated the company's surveillance kit to Forbes by hacking into a Huawei device and obtaining its WhatsApp messages without clicks from the victim.

The Citizen Lab said in 2021 that Cytrox was part of an alliance known as Intellexa, which it called "a marketing label for a range of mercenary surveillance vendors that emerged in 2019." Dilian founded the Intellexa Group in 2018; the Intellexa Alliance combines the Intellexa Group and Nexa, a group of surveillance companies that operates mainly in France.

In December 2021, Meta Platforms announced that Cytrox and six other surveillance-for-hire groups had been banned from using its platforms to target other users, in response to the Citizen Lab's findings about Cytrox's Predator spyware being used to target two Egyptian dissidents in June. Meta also announced it had removed over 1,500 Facebook and Instagram accounts associated with the seven companies, which it said were used to conduct social engineering, reconnaissance and sending malicious links to victims in over 100 countries.

In July 2023, the U.S. Department of Commerce added the Cytrox companies Cytrox AD in North Macedonia, and Cytrox Holdings Zrt in Hungary to its Entity List, after determining that they posed a threat to the U.S.'s national security and foreign policy interests.

Predator is spyware developed by Cytrox that targets the Android and iOS operating systems. In May 2022, researchers at Google's Threat Analysis Group (TAG) reported that Predator bundled five zero-day exploits in one package and sold it to several government-backed actors, who used it in three separate campaigns. According to the researchers, Predator worked closely with a component named Alien, which "lives inside multiple privileged processes and receives commands from Predator."

An analysis of the spyware conducted by Cisco Talos in May 2023 revealed that the spyware's Alien component actively implements the low-level functionality required by Predator to surveil its targets, instead of merely acting as a loader for Predator as was previously understood. In Talos's sample, Alien exploited five vulnerabilities, four of which affected Google Chrome and the last of which affected Linux and Android, to infect the targeted devices. After infecting a device, Predator has full access to its microphone, camera and user data such as contacts and text messages. Additionally, Predator has access to a device's location services and messaging apps such as WhatsApp, Telegram and Signal. It also allows hackers to intercept and falsify messages.

See all
User Avatar
No comments yet.