On Monday, Google revealed that nearly half a dozen Chrome vulnerabilities and Android exploits had been sold to the government by a privately owned surveillance company known as Cytrox.
Allegedly, Crytrox’s clients are government-based “threat actors” from multiple foreign countries. That might exploit this data to conduct hacking and spyware attacks using Cytrox’s own spyware known as “Predator.”
What does Google have to say?
Google, in its statement, said, “We assess with high confidence that these exploits were packaged by a single commercial surveillance company, Cytrox, and sold to different government-backed actors who used them in at least the three campaigns.”
It is also said that Cytrox had provided access to previously patched “n-day” vulnerabilities to their clients. The users who haven’t updated their devices or apps might get targeted through this vulnerability.
Researchers have also revealed that Cytrox services have been sold to hackers throughout the world, including Greece, Serbia, Egypt, Armenia, Spain, Indonesia, Madagascar, and Côte d’Ivoire.
Google’s TAG team has also revealed some shocking details about private surveillance companies like Cytrox. They said, “Seven of the nine zero-day vulnerabilities” were developed intentionally by companies like this and sold stolen data to government-backed actors.
Find your dream job
Currently, TAG is continuously tracking more than 30 similar vendors to avoid such data leaks and exploits. Meanwhile, well-known companies like “NSO Group” has also been accused of selling this kind of data to government bodies.