After going quiet for a few months amid public exposure and US sanctions, the Predator spyware is back and is even better to evade detection.

This is the worrying revelation coming from experts at Insikt Group as they detect the new infrastructure of the mercenary spyware toll in multiple countries, including in the Democratic Republic of the Congo (DRC) and Angola.

“Predator is far from disappearing,” wrote experts. “Recent findings by Insikt Group reveal that Predator's infrastructure is back with modifications to evade detection and anonymize users.”

Developed by the Intellexa Alliance – a group of companies among which many are EU-based – Predator spyware is a highly invasive mobile hacking software (for both Android and iPhone) designed to leave minimal traces on affected devices. It uses both one-click and zero-click attack vectors to install itself on targeted phones, taking advantage of browser vulnerabilities and network access. 

Investigations suggest that this sophisticated mercenary spyware, similar to the infamous Pegasus developed by Israeli firm NSO Group, has been largely used by government actors since at least 2019.

Predator is highly dangerous due to its level of intrusiveness. Once the device is infected, the spyware has unrestricted access to the microphone, camera, and all users' data, such as contacts, messages, photos, and videos, without their knowledge.

The latest report found that Predator's operators “significantly enhanced their infrastructure” by adding layers of complexity that make it even more difficult to trace it. The malicious software now has an additional tier in its delivery system which anonymizes customer operations. Put simply, it's now even harder for researchers to identify the countries using Predator and track how its usage spread.

“The re-emergence of Predator spyware is a stark reminder of the growing dangers posed by mercenary spyware,” wrote experts. “Public reporting, ongoing research, and stronger regulations are critical in minimizing the damage caused by tools like Predator.”

How to protect yourself from Predator spyware

It's true that spyware tools are powerful malware and full protection against them is very difficult. Simply connecting to security software like the best VPN and antivirus apps, for instance, isn't enough to fight back the spyware threat. Yet, there are still some steps you can take to considerably reduce the risk of becoming a target.

As experts pointed out: “[Predator] infrastructure has evolved, making it harder to track and identify users, but with the right cybersecurity practices in place, individuals and organizations can reduce their risk of becoming targets.”

Hence, if you are a high-profile individual – like a politician, journalist, activist, or company's executive – you need to be vigilant at all times. Below are Insikt Group's suggested defensive measures you should  take to mitigate the risk of a Predator's attack:

• Keep your software updated at all times. A piece of advice that never gets old, staying on top of your device updates considerably reduces potential vulnerabilities that Predator might exploit. 
• Regularly reboot your device. Rebooting your device can also help in disrupting spyware operations, so experts suggest doing that periodically. Bear in mind that a reboot may not be enough to completely eliminate advanced spyware.
• Enable lockdown mode. Both available on iPhones and Android phones, lockdown mode is a security feature that boosts device protection with stringent controls, such as disabling biometrics access.  
• Boost your organization’s security. If you’re looking to protect your workforce, experts suggest implementing a mobile device management (MDM) system while investing in security awareness training to educate employees against online risks.