What is Predator spyware, and how to check if your device is infected

Detect Predator spyware

A powerful new spyware, called Predator, is turning phones into surveillance tools and has allegedly been sold to governments worldwide. Most recently, the Greek wiretapping scandal has exposed the government for sending millions to Predator’s creators. So, what is Predator spyware, what does it do, and how do you protect yourself from it?

What is Predator spyware?

Predator spyware is a phone hacking software believed to be developed by Cytrox, based in Skopje, North Macedonia.

Predator shares similar features with Pegasus spyware. Once on your phone, Predator can access every message, call, photo, and password and has the ability to hide apps it doesn’t want you to find. Predator can add a certificate authority (CA) to your phone, tricking your device into trusting malicious apps and websites. It also can open the phone’s camera and microphone, turning it into a surveillance tool.

Sold as a commercial surveillance-for-hire tool, it is reported that governments worldwide are customers of Cytrox’s spyware. Predator is used to surveil political opponents and government critics.

By exploiting zero-day vulnerabilities, malicious actors could install Predator on their target’s phones. It’s executed by sending a link via email or text, directing the target to a domain that downloads malware before directing again to a legitimate page.

Why do cybercriminals leverage zero-day vulnerabilities?

A zero-day vulnerability is a software vulnerability that attackers discover before the software maker. These vulnerabilities are exploited before software developers are aware of them and before a patch is issued, increasing the likelihood of a successful cyberattack.

As patches for these vulnerabilities do not immediately exist, keeping your software up to date won’t protect you from a zero-day attack. That said, you should still keep your devices updated to be protected from known vulnerabilities.

Read more: Ultimate guide to mobile security for iPhone and Android devices

How to check if your device is infected with the Predator spyware

Spyware like Predator can make itself hard to find on your devices, but you can look for signs of a spyware infection. These include:

  • Your device is experiencing a decrease in performance. Spyware can cause your device to slow down as it increases the consumption of your device’s resources.
  • A barrage of pop-up windows. Spyware is often packaged with adware. Your device is likely infected if you receive a barrage of unexpected pop-up advertisements.
  • New programs and features appear at random. You notice apps, browser toolbars, and search engines you don’t recognize.
  • Difficulty accessing secure sites. If you get directed to a login page after your login attempt, it may mean your first attempt was on a spoofed site that communicates your password to a third party. Always check the browser link of the page you intend to visit is the correct one.
  • Unexplained increase in data usage. If you’ve found that your data usage has increased sharply on your latest phone bill, chances are there’s a malicious code or program sending data from your phone to unknown servers.
  • Your antivirus isn’t working properly. Spyware can search for cybersecurity tools like antivirus software and try to block them to evade detection and removal.

How to protect yourself from the Predator spyware

While Predator is predominantly used to track high-value targets, digital monitoring still matters if you’re a “nobody.” Besides, software like Predator can still violate your privacy, even if you have nothing to hide.

Read more: Why you should care about surveillance

To protect yourself from Predator spyware and other computer viruses, you should stay ahead of cybercriminals by keeping up with cybersecurity best practices.

  • Use the full range of cybersecurity and network tools. Tools like an antivirus program, firewalls, ad blockers, anti-tracking browser extensions, and a VPN are your line of defense against cyberattacks, including spyware.
  • Use genuine antivirus software. Antivirus from a trusted provider will alert you to threats, swiftly quarantine malware, and remove it from your computer.
  • Never root or jailbreak your devices. Spyware usually requires a phone to be rooted or jailbroken for it to work. If your phone is rooted or jailbroken, undoing it could render spyware like Predator useless.
  • Keep your devices up to date. Declining software updates increase the risks of zero-day exploits. Keeping your devices updated ensures that all known bugs are squashed and cannot be exploited.
  • Don’t download files or open links from unknown sources. If you’re unsure of a link’s destination or the source of an email attachment, it’s best not to click on them.
  • Use Safe Mode to remove spyware. On Android phones, Safe Mode is your best bet to remove spyware completely. Safe Mode prevents spyware from activating on boot and blocks it from networks it can use to reinstall itself.

FAQ: About Predator spyware

Who makes Predator spyware?
Can antivirus detect Predator spyware?
Phone protected by ExpressVPN.
Protect your privacy with the best VPN

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Sentient AI scouring the internet for photos of Paddington bear photoshopped into other movies and shows.