HTTP infection
2023-09-25 20:51:02.18404+02 by Dan Lyke 0 comments
Daaang: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions
In August and September 2023, Eltantawy’s Vodafone Egypt mobile connection was persistently selected for targeting via network injection; when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website to infect his phone with Cytrox’s Predator spyware.
Of course the recent WebP bug is further evidence that all you have to do is visit a malicious website, and HTTPS is no guarantee that the website itself isn't malicious, but here's proof in the wild that one can definitely not trust the network.