What is Predator spyware?

Privacy news
4 mins
Detect Predator spyware

Editor’s note: The original version of this article lacked sufficient context about Predator’s seriousness and stealthiness. It has been updated to supply that context.

A powerful new spyware, called Predator, is turning phones into surveillance tools and has allegedly been sold to governments worldwide. Most recently, the Greek wiretapping scandal has exposed the government for sending millions to Predator’s creators. So, what is Predator spyware, what does it do, and is there anything you can do to protect yourself from it?

What is Predator spyware?

Predator spyware is a phone hacking software believed to be developed by Cytrox, based in Skopje, North Macedonia.

Predator shares similar features with Pegasus spyware. Once on your phone, Predator can access every message, call, photo, and password, and it has the ability to hide apps it doesn’t want you to find. Predator can add a certificate authority (CA) to your phone, tricking your device into trusting malicious apps and websites. It also can open the phone’s camera and microphone, turning them against you.

Sold as a commercial surveillance-for-hire tool, Cytrox’s spyware is reported to have been sold to governments worldwide. It has been used to surveil political opponents and government critics, not just criminals and foreign agents.

By exploiting zero-day vulnerabilities, malicious actors could install Predator on their target’s phones. It’s executed by sending a link via email or text, directing the target to a domain that downloads malware before directing again to a legitimate page.

Why do cybercriminals leverage zero-day vulnerabilities?

A zero-day vulnerability is a software vulnerability that attackers discover before the software maker. These vulnerabilities are exploited before software developers are aware of them and before a patch is issued, increasing the likelihood of a successful cyberattack.

As patches for these vulnerabilities do not immediately exist, keeping your software up to date won’t protect you from a zero-day attack. That said, you should still keep your devices updated to be protected from known vulnerabilities.

Read more: Ultimate guide to mobile security for iPhone and Android devices

Is there any way to recognize an infection?

It’s important to understand that spyware on Predator’s level, used by state actors and those with similarly deep pockets, is extremely sophisticated. It is highly unlikely that anyone without special training and tools could even detect an infection, let alone prevent one. If you have reason to suspect you’re being targeted, you’ll probably need to consult with experts.

That said, there are many more common forms of malware out there, and they’re still worth guarding against. Here are some signs to look out for:

  • Your device is experiencing a decrease in performance. Malware can cause your device to slow down as it increases the consumption of your device’s resources.
  • A barrage of pop-up windows. Intrusive malware is often packaged with adware. Your device may be infected if you receive a barrage of unexpected pop-up advertisements.
  • New programs and features appear at random. You notice apps, browser toolbars, and search engines you don’t recognize.
  • Difficulty accessing secure sites. If you get directed to a login page after your login attempt, it may mean your first attempt was on a spoofed site that communicates your password to a third party. Always check the browser link of the page you intend to visit is the correct one.
  • Unexplained increase in data usage. If you’ve found that your data usage has increased sharply on your latest phone bill, chances are there’s a malicious code or program sending data from your phone to unknown servers.
  • Your antivirus isn’t working properly. Spyware can search for cybersecurity tools like antivirus software and try to block them to evade detection and removal.

While these could be indicators of potentially unwanted software on your device, they’re not a sign of infection by Predator, which doesn’t leave such obvious clues behind.

How to protect yourself from lesser threats

While Predator is predominantly used to track high-value targets, digital monitoring still matters if you’re a “nobody.”

Read more: Why you should care about surveillance

To protect yourself from more typical dangers online, follow these tips:

  • Use the full range of cybersecurity and network tools. Antivirus programs, firewalls, ad blockers, anti-tracking browser extensions, and a VPN are your first line of defense against cyberattacks and intrusive malware.
  • Use genuine antivirus software. Antivirus from a trusted provider will alert you to threats, swiftly quarantine malware, and remove it from your computer.
  • Keep your devices up to date. Declining software updates increase the risks of zero-day exploits. Keeping your devices updated ensures that all known bugs are squashed and cannot be exploited.
  • Don’t download files or open links from unknown sources. If you’re unsure of a link’s destination or the source of an email attachment, it’s best not to click on them.
  • Use Safe Mode to remove malware. On Android phones, Safe Mode is your best bet to remove many forms of mal- and adware completely. Safe Mode prevents such software from activating on boot and blocks it from networks it can use to reinstall itself.


Phone protected by ExpressVPN.
Protect your privacy with the best VPN

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Sentient AI scouring the internet for photos of Paddington bear photoshopped into other movies and shows.