
A human rights lawyer in Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a member of the country’s civil society has been targeted by Intellexa’s Predator spyware, Amnesty International said in a report.
The nonprofit said the link was a “Predator attack attempt based on the technical behavior of the infected server and certain characteristics of the one-time infected link that are consistent with previously observed Predator one-click links.” Pakistan rejected the claim, saying there was “not a shred of truth in it.”
The findings come from a new joint study published in collaboration with Israeli newspaper Haaretz, Greek news site Inside Story, and Swiss technology site Inside IT. It is based on leaked documents and other materials from the company, including internal documents, sales and marketing materials, and training videos.
Intellexa is the maker of a mercenary spyware tool called Predator. Like NSO Group’s Pegasus, it can covertly collect sensitive data from targeted Android and iOS devices without the owner’s knowledge. The leaked documents reveal that Predator is also sold under the names Helios, Nova, Green Arrow, and Red Arrow.
Deployment typically relies on initial access vectors such as messaging platforms, weaponizing previously undisclosed flaws to covertly install the spyware in either a zero-click or a one-click manner. The attempt against the Pakistani lawyer was of the one-click kind: infection required the malicious link to be opened on the target’s phone.

Once the victim opens the booby-trapped link, a browser exploit for Google Chrome (on Android) or Apple Safari (on iOS) is loaded, gaining initial access to the device and downloading the main spyware payload. According to Google Threat Intelligence Group (GTIG) data, Intellexa has been associated with the following zero-day exploits, which are believed to be either developed in-house or sourced externally:
One iOS zero-day exploit chain used against Egyptian targets in 2023 leveraged CVE-2023-41993 and a framework named JSKit to execute native code. GTIG said it observed the same exploit and framework used in the watering hole attack organized by Russian government-backed hackers against Mongolian government websites, raising the possibility that the exploit was provided by a third party.
Marketing brochure highlighting the features of Intellexa’s spyware products
“The JSKit framework is well-maintained, supports a wide range of iOS versions, and is modular enough to support a variety of Pointer Authentication Code (PAC) bypass and code execution techniques,” Google explained. “This framework can parse Mach-O binaries in memory to resolve custom symbols, and ultimately manually map and execute Mach-O binaries directly from memory.”
Screenshot of an example PDS (Predator Delivery Studio) dashboard interface used to manage targets and view collected monitoring data
Following the exploitation of CVE-2023-41993, the attack moved to a second stage, leveraging CVE-2023-41991 and CVE-2023-41992 to escape the Safari sandbox and execute an untrusted third-stage payload known as PREYHUNTER. PREYHUNTER consists of two modules: a crash watcher and a helper.
The crash watcher ensures that infected devices do not exhibit suspicious behavior and terminates the exploitation process if such patterns are detected. The helper communicates with the rest of the exploit over Unix sockets and deploys hooks for recording VoIP conversations, running a keylogger, and capturing photos from the camera.
Intellexa is also said to use a custom framework that facilitates the exploitation of various V8 flaws in Chrome (CVE-2021-38003, CVE-2023-2033, CVE-2023-3079, CVE-2023-4762, CVE-2025-6554), with exploitation confirmed in Saudi Arabia in June 2025.
Once installed, this tool collects data from messaging apps, calls, emails, device location, screenshots, passwords, and other information on the device and exfiltrates the data to an external server physically located in the customer’s country. Predator also has the ability to activate the device’s microphone to silently capture surrounding audio and utilize the camera to take photos.
The company, along with some key executives, was targeted by U.S. sanctions last year for developing and distributing surveillance tools and violating civil liberties. Despite continued public reporting, Recorded Future’s Insikt Group revealed in June 2025 that it had detected Predator-related activity in more than a dozen countries, primarily in Africa, suggesting an “increasing demand for spyware tools.”
Perhaps the most important fact is that people working for Intellexa allegedly had the ability to use TeamViewer to remotely access at least some of its customers’ surveillance systems, including those located on the premises of government customers.
“The fact that Intellexa appears to have had the ability, at least in some cases, to remotely access Predator customer logs, allowing its staff to view details of its surveillance activities and the individuals targeted, calls into question its own human rights due diligence processes,” Jure van Bergen, a technician at Amnesty International Security Lab, said in a news release.
“If mercenary spyware companies are found to be directly involved in the operation of their products, they could be held liable under human rights standards if they are misused or if the use of their spyware causes human rights violations.”
The report also highlights the various delivery vectors Intellexa employs to trigger the opening of malicious links without the target manually clicking on them. These include tactical vectors such as Triton (released in October 2023), Thor, and Oberon (details of the latter two are unknown at this stage), as well as strategic vectors delivered remotely over the Internet or mobile networks.

The three strategic vectors are described below.
Mars and Jupiter are network injection systems that require cooperation between the Predator customer and the victim’s mobile carrier or Internet service provider (ISP). They either wait for the target to open an unencrypted HTTP website and inject the infection at that point, or mount an adversary-in-the-middle (AitM) attack when the target visits a domestic HTTPS website that has already been intercepted using a valid TLS certificate. Aladdin exploits the mobile advertising ecosystem to perform zero-click attacks that are triggered simply by viewing a specially crafted ad. The system appears to have been in development since at least 2022.
“The Aladdin system infects a target’s mobile phone by forcing it to display malicious advertisements created by the attacker,” Amnesty said. “This malicious ad could be served to any website that displays ads.”
Mapping Intellexa’s corporate web linked to Czech cluster
Google said the use of malicious ads on third-party platforms is an attempt to abuse the ad ecosystem to fingerprint users and redirect targeted users to Intellexa’s exploit distribution servers. It added that it worked with other partners to identify companies set up by Intellexa to create ads and to shut down their accounts.
In a separate report, Recorded Future said it found that two companies, Pulse Advertise and MorningStar TEC, appear to be active in the advertising field and are likely connected to Aladdin’s infection vector. Additionally, there is evidence that Intellexa customers based in Saudi Arabia, Kazakhstan, Angola, and Mongolia are still communicating with Predator’s multi-tier infrastructure.
“In contrast, customers in Botswana, Trinidad and Tobago and Egypt lost communications in June, May and March 2025, respectively,” it added. “This could indicate that these organizations stopped using Predator spyware at that time, but it could also be that they simply changed or migrated their infrastructure settings.”
