And for once it wasn't NSO Group.
One spyware company exploited at least five zero-day vulnerabilities—four in the Chrome browser and one in the Android operating system—throughout 2021, according to Google.
The company’s Threat Analysis Group (TAG) says the spyware maker in question is a North Macedonian firm known as Cytrox. Precious little is known about Cytrox, but in December 2021, the Citizen Lab at the University of Toronto revealed some information about its activities.
Citizen Lab says Cytrox infected two Egyptians—“exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)”—with its Predator malware in June 2021. Those infections affected iPhones, but TAG says Predator targets Android phones, too.
TAG says Cytrox abused four Chrome zero-days (CVE-2021-37973, CVE-2021-37976, CVE-2021-38000, and CVE-2021-38003) and a single Android zero-day (CVE-2021-1048) last year in “at least three campaigns” believed to be conducted on behalf of various governments.
Cytrox is also said to have taken advantage of several known security flaws, called “n-days” because patches have already been made available for them. TAG says these “findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits.”
That’s bad news for companies that need to protect products used by hundreds of millions of people. Firms like Cytrox are making life increasingly difficult for the security teams at Google, Apple, and Microsoft—and it seems like they aren’t going to get a break any time soon.
“Seven of the nine 0-days TAG discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors,” Google says. “TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors.”
More information about how Cytrox exploited these zero-day vulnerabilities to infect Android smartphones as part of three separate campaigns in 2021 is available via TAG’s blog post.