In a post, Google exposes some of the countries that have used the popular Predator spyware, developed by Cytrox and targeting Android users.
TAG (Threat Group) reports that the governments that bought the exploits are in Egypt, Armenia, Greece, Madagascar, Ivory Coast, Serbia, Spain and Indonesia. And there may have been other customers.
The company says:
To protect our users, Google's Threat Analysis Team (TAG) systematically searches for 0day vulnerabilities that are exploited across the web. In 2021, we reported nine 0days affecting Chrome, Android, Apple, and Microsoft, which resulted in updates to protect users from these attacks.
This post is a follow-up to our July 2021 post about four 0day vulnerabilities in Chrome and one on Android:
CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, CVE-2021-38003 in Chrome
CVE-2021-1048 on Android
We are confident that these exploits were packaged by the surveillance company, Cytrox, and sold to various government-backed agencies that have used them in at least three of the following campaigns. According to the findings of CitizenLab, we estimate that the government-backed entities that purchased these exploits are (at least) in Egypt, Armenia, Greece, Madagascar, Cφανte d'Ivoire, Serbia, Spain and Indonesia.
Seven of the nine 0days discovered in 2021 were developed by commercial providers, sold and used by government-backed entities. TAG actively monitors more than 30 suppliers with varying levels of sophistication and public exposure that sell exploits or surveillance capabilities to government-sponsored agencies.
We estimate that the number of targets was dozens of users.
For more information
https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/