BOSTON (AP) — Security researchers said Thursday they found two kinds of commercial spyware on the phone of a leading exiled Egyptian dissident, providing new evidence of the depth and diversity of the abusive hacker-for-hire industry.
One piece of malware recently found on an iPhone belonging to Ayman Nour, a dissident and 2005 Egyptian presidential candidate who subsequently spent three years in jail, originated with the increasingly embattled NSO Group of Israel. That company was recently blacklisted by Washington. The other was from a company called Cytrox, which also has Israeli ties. This was the first documentation of a hack by Cytrox, a little-known NSO Group rival.
The spyware was uncovered by digital sleuths at the University of Toronto’s Citizen Lab, who said two different governments hired the competing mercenaries to hack Nour’s phone. Both instances of malware were simultaneously active on the phone, investigators said after examining its logs. The researchers said they traced the Cytrox hack to Egypt but didn’t know who was behind the NSO Group infection.
The researchers said in a report that the intrusions highlight how “hacking civil society transcends any specific mercenary spyware company.”
In detailing the Cytrox infection, the researchers said they found the phone of a second Egyptian exile, who asked not to be identified, also hacked with Cytrox’s Predator malware. But the bigger discovery, in a joint probe with Facebook, was that Cytrox has customers in countries beyond Egypt including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.