A human rights lawyer in Pakistan’s Balochistan province received a suspicious link from an unknown number on WhatsApp, marking the first time a civil society member in the country has been targeted by Intellexa’s Predator spyware, Amnesty International said in a report.
The link, the nonprofit organization said, “is an attempted Predator attack based on the technical behavior of the infection server and the specific characteristics of a one-time infection link that were consistent with previously observed Predator 1-click links.” Pakistan has rejected the allegations, saying, “There is not even an iota of truth in it.”
The findings come from a new joint investigation published in collaboration with Israeli newspaper Haaretz, Greek news site Inside Story and Swiss tech site Inside IT. It is based on leaked documents and other materials from the company, including internal documents, sales and marketing materials, and training videos.
Intellexa is the creator of a mercenary spyware tool called Predator that, similar to NSO Group’s Pegasus, can covertly obtain sensitive data from targets’ Android and iOS devices without their knowledge. The leak shows that the Predator has also been marketed as Helios, Nova, Green Arrow and Red Arrow.
Often, this involves early access vectors such as messaging platforms that weaponize previously unknown flaws to covertly install the spyware through a zero-click or 1-click approach. In the 1-click case, the attack requires the target to open a malicious link on their phone to trigger the infection.
If the victim eventually clicks the booby-trapped link, a browser exploit for Google Chrome (on Android) or Apple Safari (on iOS) is loaded to gain initial access to the device and download the main spyware payload. According to data from Google Threat Intelligence Group (GTIG), Intellexa has been linked to the following zero-day exploits, either developed in-house or obtained from external entities –
One such iOS zero-day exploit chain used against targets in Egypt in 2023 involved leveraging CVE-2023-41993 and a framework called JSKit to perform native code execution. GTIG said it observed similar exploits and frameworks used in the watering hole attacks carried out by Russian government-backed hackers against Mongolian government websites, raising the possibility that these exploits were being obtained from a third party.
[Image: Marketing brochure presenting the capabilities of Intellexa’s spyware product]
Google explained, “The JSKit framework is well maintained, supports a wide range of iOS versions, and is modular enough to support various pointer authentication code (PAC) bypasses and code execution techniques,” adding that “the framework can parse in-memory Mach-O binaries to resolve custom symbols and eventually manually map and execute Mach-O binaries directly from memory.”
[Image: Screenshot of the example PDS (Predator Delivery Studio) dashboard interface used to manage targets and view collected monitoring data]
After exploiting CVE-2023-41993, the attack moved to a second stage to exit the Safari sandbox and execute an untrusted third-stage payload called PreHunter by taking advantage of CVE-2023-41991 and CVE-2023-41992. PreHunter consists of two modules –
- Watcher, which monitors crashes, ensures that the infected device does not exhibit any suspicious behavior, and terminates the exploitation process if such patterns are detected.
- Helper, which communicates with other parts of the exploit via Unix sockets and deploys hooks to record VoIP conversations, run keyloggers, and capture photos from the camera.
Intellexa is also said to be using a custom framework that facilitates the exploitation of various V8 flaws in Chrome – i.e., CVE-2021-38003, CVE-2023-2033, CVE-2023-3079, CVE-2023-4762, and CVE-2025-6554 – with the framework observed in June 2025 abusing CVE-2025-6554 in Saudi Arabia.
Once the tool is installed, it collects data from messaging apps, calls, emails, device location, screenshots, passwords and other on-device information and sends them to an external server located in the customer’s country. The Predator also includes the ability to activate the device’s microphone to silently capture ambient audio and take advantage of the camera to take photos.
The company, along with some key executives, was subject to US sanctions last year for developing and distributing surveillance equipment and undermining civil liberties. Despite consistent public reporting, Recorded Future’s Insikt Group revealed in June 2025 that it had detected Predator-related activity in more than a dozen countries, primarily in Africa, indicating “increasing demand for spyware tools”.
Perhaps the most significant revelation is that people working at Intellexa allegedly had the ability to remotely access the surveillance systems of at least some customers using TeamViewer, including surveillance systems located on the premises of its government customers.
“The fact that, at least in some cases, Intellexa retained the ability to remotely access Predator customer logs – allowing company employees to view details of surveillance operations and targeted individuals – raises questions about their own human rights due diligence processes,” Jurre van Bergen, technologist at the Amnesty International Security Lab, said in a news release.
“If a mercenary spyware company is found to be directly involved in the operation of their product, in accordance with human rights standards, it could potentially leave them open to liability claims in cases of abuse and if any human rights abuses result from the use of the spyware.”
The report also highlights the various delivery vectors adopted by Intellexa to trigger the opening of malicious links without the need for the target to manually click on them. These include tactical vectors such as Triton (revealed in October 2023), Thor and Oberon (both unknown at this stage), as well as strategic vectors that are delivered remotely via the Internet or mobile networks.
The three strategic vectors are listed below –
- MARS and Jupiter, which are network injection systems that require cooperation between the Predator customer and the victim’s mobile operator or Internet service provider (ISP) to stage an adversary-in-the-middle (AITM) attack; the infection is activated either when the target opens an unencrypted HTTP website or when the target visits a domestic HTTPS website that has already been intercepted using valid TLS certificates.
- Aladdin, which exploits the mobile advertising ecosystem to execute a zero-click attack that is triggered as soon as a specially crafted advertisement is viewed. The system is believed to have been under development until at least 2022.
“The Aladdin system infects a target’s phone by forcing a malicious advertisement created by the attacker to appear on the target’s phone,” Amnesty said. “This malicious advertisement can be served on any website that displays advertisements.”
[Image: Mapping of Intellexa’s corporate web connected to the Czech cluster]
Google said the use of malicious ads on third-party platforms is an attempt to abuse the advertising ecosystem to fingerprint users and redirect targeted users to Intellexa’s exploit delivery servers. It also said it worked with other partners to identify companies created by Intellexa to create ads and shut down those accounts.
In a separate report, Recorded Future said it has discovered two companies called Pulse Advertise and Morningstar TEC that are operating in the advertising sector and possibly linked to the Aladdin infection vector. Additionally, there is evidence of Intellexa customers located in Saudi Arabia, Kazakhstan, Angola and Mongolia still communicating with Predator’s multi-layered infrastructure.
In contrast, customers in Botswana, Trinidad and Tobago and Egypt saw communications shut down in June, May and March 2025, respectively. “This may indicate that these entities stopped using the Predator spyware around that time; however, it is also possible that they simply modified or moved their infrastructure setup.”