Meta removes accounts of spyware company Cytrox after Citizen Lab report on gov't hacks

Citizen Lab has released a new report highlighting widespread government use of the “Predator” spyware from North Macedonian developer Cytrox.

Researchers found that Predator was used to attack two people in June 2021. The spyware “was able to infect the then-latest version (14.6) of Apple’s iOS operating system using single-click links sent via WhatsApp,” according to Citizen Lab. 

The researchers added that Predator persists after reboot using the iOS automations feature. Apple did not respond to requests for comment about the spyware, but Citizen Lab said the company has been notified and is investigating the issue.

Because WhatsApp is involved, Citizen Lab also told Meta about Predator’s activity. Meta announced it is taking enforcement action against Cytrox and is removing approximately 300 Facebook and Instagram accounts linked to the spyware company.

The security team at Meta found “an extensive list of lookalike domains used as part of social engineering and malware attacks.”

“The Meta report states that they believe Cytrox customers include entities in Egypt, Armenia, Greece, Saudi Arabia, Oman, Colombia, Côte d’Ivoire, Vietnam, Philippines, and Germany, and that they identified additional abusive targeting initiated by Cytrox customers around the world,” Citizen Lab explained. 

Meta also took down accounts linked to six other cyber surveillance firms including

Read More: https://www.zdnet.com/article/egyptian-politician-spied-on-by-two-govts-using-spyware-from-nso-and-cytrox-citizen-lab/#ftag=RSSbaffb68