Predator spyware sold with Chrome, Android zero-day exploits to monitor targets

Spyware vendor Cytrox sold zero-day exploits to government-backed snoops who used them to deploy the firm's Predator spyware in at least three campaigns in 2021, according to Google's Threat Analysis Group (TAG). The Predator campaigns relied on four vulnerabilities in Chrome (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000 and …

  1. Potemkine! Silver badge

    All of them are selling exploits or surveillance malware

    Is that legal? It's being an accomplice to the wrongdoing; those companies shouldn't be allowed to avoid responsibilities.

    1. Paul 195

      Is it legal? I think the answer is "that really depends". Are Cytrox doing anything illegal by packaging and selling the exploit? That depends on the jurisdiction, but chances are it isn't illegal in North Macedonia where they are based. Are the users of this software doing something illegal? Definitely if they do it in the EU, UK, or North America, but most of the customers appeared to be governments who are probably doing it to their own citizens in their own countries.

      Is it ethical? No.

      1. VoiceOfTruth Silver badge

        -> Definitely if they do it in the EU, UK,

        In the UK it would be rubberstamped by the judiciary.

  2. Anonymous Coward

    > Are the users of this software doing something illegal? Definitely if they do it in the EU, UK, or North America

    Not in Spain, where even the ombudsman (Defensor del pueblo) says that the Pegasus spying affair against Catalan political and social leaders is completely legal according to secret court papers he could see but which can't be made public. Although it doesn't help that the said ombudsman is the former runner for the Madrid regional office and, after losing for the Nth time, was appointed to his current position by the PM and party colleague.

    As long as this software remains useful for those in power, it will be legal. The problem is this will always be useful to them.

    Oh crud, how do I reanchor this post under Paul's answer where I was supposed to reply?

  3. teknopaul Silver badge

    Only Chrome

    Love to know what the JSON.stringify() bug was. Original JSON spec was so simple, you wonder how they got that wrong?

    Being Chrome. I guess they rewrote the JavaScript in C++ in V8 for a start.

    1. Claptrap314 Silver badge

      Re: Only Chrome

      These aren't bugs--they are features. They ensure people are forced to upgrade their "smart" phones--after the relevant parties have extracted the needed data, of course.

