Intellexa Alliance's advanced Predator spyware was discovered by Cisco Talos researchers to have integrated reboot-surviving functionality as an additional capability dependent on its customers' licensing options, reports The Hacker News.
Exploit chains leveraged by Predator have been provided by Intellexa but customers are being tasked to establish the attack infrastructure on their own to evade liability, said Cisco Talos researchers, who added that Intellexa provides hardware support at terminals or airports. "This delivery method is known as Cost Insurance and Freight (CIF), which is part of the shipping industry's jargon ('Incoterms'). This mechanism allows Intellexa to claim that they have no visibility of where the systems are deployed and eventually located," researchers noted. Despite efforts to shed light on spyware operations, researchers lamented that there has been little impact on threat actors. "What is needed is the public disclosure of technical analyses of the mobile spyware and tangible samples enabling public scrutiny of the malware. Such public disclosures will not only enable greater analyses and drive detection efforts but also impose development costs on vendors to constantly evolve their implants," they added.