In a development highlighting the world of digital espionage, Apple and Google have issued a warning to users IPhone Android devices have been targeted following the discovery of high-level attack activity using the dangerous Predator spyware. This is one of the most dangerous hacking tools to have emerged in recent years, developed by the Israeli company Intellexa. According to Amnesty International, the Predator spyware functions similarly to the Pegasus malware, allowing it to hack phones and gain rapid access to content without any issues. In this article, we will explore the Predator spyware, the mechanisms of this Israeli cyberattack, and how to protect yourself from this threat.
Hacking smartphones
A recent investigation by several independent parties describes IntelliXia as one of the most notorious suppliers of mercenary spyware, as it continues to operate its software. Predator It targets new objectives even after being placed on US sanctions lists. This time, experts were able to detect sophisticated attack activity targeting mobile devices in more than 150 countries, including Egypt and Saudi Arabia.
The story began when a Pakistani lawyer and activist received a WhatsApp message from an unknown number containing a seemingly innocuous link. However, analysis of the link later revealed it to be part of a sophisticated espionage operation designed to compromise his phone and gain full access to his data, including photos, conversations, microphone, and camera. Upon further analysis, the link was found to be identical to the known technical architecture of Predator attacks, which rely on a single click to activate the breach.
How do Predator attacks work?
Predator attacks rely on sophisticated hacking techniques that are difficult for the average user to detect. An attack might begin with seemingly innocuous content, such as a simple message, a digital advertisement, or even a legitimate webpage. Once a device is exposed to this content, a range of vulnerabilities within the browser or system are exploited to implant the spyware in the background without any obvious signs. Even more alarming is that some versions of this malware eliminate the need for any direct user interaction; the attack can be activated automatically simply by displaying an advertisement while browsing, making it virtually impossible to prevent without advanced protection.
This information came as a result of a joint investigation by Amnesty International and several other organizations. The investigation relied on leaked documents, training materials, and marketing materials from Intellexa itself. These documents reveal that Predator is not merely a spyware tool, but a complete hacking platform sold under various names such as Helios, Nova, Green Arrow, and Red Arrow. Even more alarming, this malware is capable of easily gaining near-total control over iPhones and Android devices by exploiting a series of vulnerabilities in the browser, the operating system, and ultimately the kernel.
How does Intellexa exploit zero-day vulnerabilities?
One of Intellexa's methods is to purchase and exploit vulnerabilities. The company acquires these vulnerabilities from hackers and uses them until the vulnerabilities are discovered and patched, at which point they become ineffective because they no longer work against updated systems. The price of these vulnerabilities varies depending on the target device or application and the impact of exploiting them. For example, exploiting a remote code execution vulnerability against the Chrome browser, bypassing its sandbox, can cost between $100 and $300. Therefore, only governments and organizations with substantial resources can afford to hire Intellexa to spy on their target populations.
large-scale attack
Security reports, particularly from Google and Apple's security teams, have linked Intellexa to the exploitation of numerous zero-day vulnerabilities, some in Apple systems, others in the Google Chrome browser or Android. These vulnerabilities, which allow bypassing security and gaining deep access to the device, are exploited by a range of tools and malware owned by the company, including:
Triton – Thor – Oberon: Tools used to launch remote attacks.
Mars and Jupiter: Tools that rely on intercepting internet traffic via local service providers to carry out a middleman or man-in-the-middle (MITM) attack and directly implant malware.
Aladdin: These are malicious clickless attacks, where the attack begins as soon as the booby-trapped ad is displayed while the victim is browsing the site.
It should be noted that investigations indicated the use of Predator software to spy on users in countries such as Saudi Arabia, Kazakhstan, Angola and Mongolia, while surveillance and spying activities stopped in other countries such as Morocco, Egypt, Botswana and Trinidad and Tobago in 2025, without knowing whether this was due to the lack of need to use the tool or whether the vulnerabilities were fixed.
Ultimately, Intelexa is one of the most controversial companies in the world of surveillance and cyberattack technologies. It develops advanced spyware targeting smartphones and modern operating systems. Despite US sanctions, the company sells its products without restrictions to the highest bidder to monitor anyone, anywhere in the world. Intelexa is best known for developing Predator, a major competitor to Pegasus, which allows for the silent infiltration of phones through zero-day vulnerabilities. It also enables sophisticated spying operations without the user's knowledge.
It's crucial to update your operating system to patch these vulnerabilities. Don't worry if you're an ordinary person; no one would pay a quarter of a million dollars to monitor you. But if you're a wanted individual, you're at risk. 🙂 Be smart and never go online. Let us know your thoughts in the comments: Are you afraid of being monitored and having your privacy violated?
Source:
Leave a response