Post

To Catch a Predator Leak exposes the internal operations of Intellexa’s mercenary spyware

Posted
By ictsec.pl
1 min read

The “Intellexa Leaks”, a new investigation published jointly by Inside Story, Haaretz and WAV Research Collective, presents troubling revelations about the surveillance company Intellexa and its signature product Predator, a form of highly invasive spyware that has been linked to human rights abuses in multiple countries.
Intellexa is one of the most notorious of the so-called “mercenary spyware companies”, a description used by civil society and industry researchers for private entities that develop spyware and sell it for use by governments.

Key findings:

  1. New insights into Predator infection vectors, including attacks via advertising ecosystems.
  2. Intellexa retained direct access to live customer spyware systems.
  3. Leaked logs confirm attribution of suspected infection domains and infrastructure to Predator.
  4. Files strengthen forensic evidence linking Predator spyware to surveillance abuses in Greece and Egypt.

Throughout this period, Intellexa has been able to maintain access to the latest zero-day exploits, while also expanding the suite of infection vectors. Most concerningly, there is evidence that Intellexa has developed and deployed ‘Aladdin’, a system to silently infect target phones just by viewing a malicious digital ad. Evidence that Intellexa is subverting the digital advertising ecosystem to hack phones demands urgent attention and action from the advertising (AdTech) industry to disrupt these attacks, and harms from the abuse of targeted advertising more broadly.

To read the complete article, see: Intellexa Leaks - Amnesty International

See also the excellent and related Google Threat Intelligence Group blog from yesterday: Intellexa Zero-Day Exploits.

Apply for our first conference of next year in San Francisco on February 18th and 19th, 2026 here using the password “d7Jf#ga5Pr” (no quotes). If you have a case study or a workshop, our call for papers is open until the end of December: Call for Papers.

To apply for the LEO training at this event: LEO Training Application (you MUST currently be a Law Enforcement Officer).

MALWARE
SPYWARE INTELLEXA PREDATOR
This post is licensed under CC BY 4.0 by the author.