Predator Malware: Trust Broken At The Core - Matthias Frielingsdorf

Nullcon Goa 2025 · Main Stage

This talk by Matthias Frielingsdorf, VP of Research at iVerify, examines **commercial spyware**, focusing on the evolution and technical details of the **Predator malware**. Frielingsdorf highlights the challenge that such advanced persistent threats (APTs) pose to the iOS ecosystem, where traditional security models struggle to provide adequate visibility and detection capabilities. The presentation gives a detailed technical analysis of a recovered Predator 2023 loader sample and compares its methods and evasion techniques with those of earlier versions.

AI review

Frielingsdorf delivers a technically substantive teardown of the Predator 2023 loader — native rewrite, multi-process architecture, crash-log suppression via memory_maintenance_D, argument zeroing — with enough concrete artifact detail to actually move defensive and forensic work forward. Not a 5-star because it's static-analysis only with no live device, ~50% of the binary stays unresolved, and the ESF policy ask at the end is a known talking point, not novel advocacy.
