![](\"https:\/\/media.wired.com\/photos\/628572b8bdc4ad545af73cfb\/master\/pass\/Android-Exploits-Security-GettyImages-1159611909.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Lily Hay Newman| Date: Thu, 19 May 2022 16:00:00 +0000<\/strong><\/p>\n Lily Hay Newman<\/a><\/span><\/span><\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n To revist this article, visit My Profile, then View saved stories<\/a>.<\/p>\n NSO Group and<\/span> its powerful Pegasus malware<\/a> have dominated the debate over commercial spyware vendors who sell their hacking tools to governments, but researchers and tech companies are increasingly sounding the alarm about activity in the wider surveillance-for-hire industry. As part of this effort, Google's Threat Analysis Group is publishing details<\/a> on Thursday of three campaigns that used the popular Predator spyware, developed by the North Macedonian firm Cytrox, to target Android users.<\/p>\n In line with findings<\/a> on Cytrox published in December by researchers at University of Toronto\u2019s Citizen Lab, TAG saw evidence that state-sponsored actors who bought the Android exploits were located in Egypt, Armenia, Greece, Madagascar, C\u00f4te d\u2019Ivoire, Serbia, Spain, and Indonesia. And there may have been other customers. The hacking tools took advantage of five previously unknown Android vulnerabilities, as well as known flaws that had fixes available but that victims hadn\u2019t patched.<\/p>\n \u201cIt's important to shine some light on the surveillance vendor ecosystem and how these exploits are being sold,\u201d says Google TAG director Shane Huntley. \u201cWe want to reduce the ability of both the vendors and the governments and other actors who buy their products to throw around these dangerous zero-days without any cost. If there\u2019s no regulation and no downside to using these capabilities, then you\u2019ll see it more and more.\u201d<\/p>\n