Spyware find highlights depth of hacker-for-hire industry

BOSTON (AP) — Security researchers said Thursday they found two kinds of commercial spyware on the phone of a leading exiled Egyptian dissident, providing new evidence of the depth and diversity of the abusive hacker-for-hire industry.

One piece of malware recently found on an iPhone belonging to Ayman Nour, a 2005 Egyptian presidential candidate who subsequently spent three years in jail, originated with the increasingly embattled NSO Group of Israel. The U.S. government recently blacklisted. NSO Group. The other was from a company called Cytrox, which also has Israeli ties. This was the first documentation of a hack by Cytrox, a little-known rival to NSO Group.

The spyware was uncovered by digital sleuths at the University of Toronto's Citizen Lab, who said two different governments hired the competing mercenaries to hack Nour's phone. Both instances of malware were simultaneously active on the phone, investigators said after examining its logs. The researchers said they traced the Cytrox hack to Egypt but didn't know who was behind the NSO Group infection.

The researchers said in a report that the intrusions highlight how “hacking civil society transcends any specific mercenary spyware company.”

In detailing the Cytrox infection, the researchers said they found the phone of a second Egyptian exile, who asked not to be identified, also hacked with Cytrox's Predator malware. But the bigger discovery, in a joint probe with Facebook, was that Cytrox has customers in countries beyond Egypt including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.

Facebook’s owner, Meta, announced on Thursday a flurry of takedowns of accounts affiliated with seven surveillance-for-hire firms — including Cytrox — and notified about 50,000 people in more than 100...