The Predator spyware ecosystem is not dead

Sekoia.io reports that the Predator spyware ecosystem (Lycantrox) remains active despite prior public disclosures: analysts found new malicious domains and command-and-control infrastructure created after the Predator Files publications, indicating ongoing use across multiple countries (including Angola, Madagascar, Indonesia, Kazakhstan, Egypt, Botswana, Mongolia, and Sudan). The post documents operational security changes aimed at plausible deniability, associates specific typosquatted and mimicked domains with likely customers, and encourages NGOs to share indicators for defensive action.