A human rights lawyer from Pakistan’s Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa’s Predator spyware, Amnesty International said in a report.
The link, the non-profit organization said, is a “Predator attack attempt based on the technical behaviour of the infection server, and on specific characteristics of the one-time infection link which were consistent with previously observed Predator 1-click links.” Pakistan has dismissed the allegations, stating “there is not an iota of truth in it.”
The findings come from a new joint investigation published in collaboration with Israeli newspaper Haaretz, Greek news site Inside Story, and Swiss tech site Inside IT. It’s based on documents and other materials leaked from the company, including internal documents, sales and marketing material, and training videos.
Intellexa is the maker of a mercenary spyware tool called Predator that, similar to NSO Group’s Pegasus, can covertly harvest sensitive data from targets’ Android and iOS devices without their knowledge. The leaks show that Predator has also been marketed as Helios, Nova, Green Arrow, and Red Arrow.
Often, this involves using different initial access vectors, such as messaging platforms, that weaponize previously undisclosed flaws to stealthily install the spyware via either a zero-click or a 1-click approach. In the 1-click case, the attack requires a malicious link to be opened on the target's phone in order to trigger the infection.
Should the victim end up clicking the booby-trapped link, a browser exploit for Google Chrome (on Android) or Apple Safari (on iOS) is loaded to gain initial access to the device and download the main spyware payload. According to data from Google Threat Intelligence Group (GTIG), Intellexa has been linked to the exploitation of the following zero-days, either developed in-house or procured from external entities –
- CVE-2025-48543 – Use-after-free in Android Runtime (Google)
- CVE-2025-6554 – Type confusion in V8 (Google Chrome)
- CVE-2023-41993 – WebKit JIT RCE (Apple Safari)
- CVE-2023-41992 – Kernel IPC Use-After-Free (Apple)
- CVE-2023-41991 – Certificate validation bypass in Security framework (Apple)
- CVE-2024-4610 – Use-after-free in Bifrost GPU and Valhall GPU Kernel Driver (Arm)
- CVE-2023-4762 – Type confusion in V8 (Google Chrome)
- CVE-2023-3079 – Type Confusion in V8 (Google Chrome)
- CVE-2023-2136 – Integer overflow in Skia (Google Chrome)
- CVE-2023-2033 – Use-After-Free in V8 (Google Chrome)
- CVE-2021-38003 – Inappropriate implementation in V8 (Google Chrome)
- CVE-2021-38000 – Insufficient validation of untrusted input in Intents (Google Chrome)
- CVE-2021-37976 – Information leak in memory_instrumentation (Google Chrome)
- CVE-2021-37973 – Use-after-free in Portals (Google Chrome)
- CVE-2021-1048 – Use-After-Free in Android Kernel (Google)
One such iOS zero-day exploit chain used against targets in Egypt in 2023 involved leveraging CVE-2023-41993 and a framework named JSKit to perform native code execution. GTIG said it observed the same exploit and framework used in a watering hole attack orchestrated by Russian government-backed hackers against Mongolian government websites, raising the possibility that the exploits are being sourced from a third party.
[Figure: Marketing brochure presenting the capabilities of Intellexa's spyware product]
“The JSKit framework is well maintained, supports a wide range of iOS versions, and is modular enough to support different Pointer Authentication Code (PAC) bypasses and code execution techniques,” Google explained. “The framework can parse in-memory Mach-O binaries to resolve custom symbols and can ultimately manually map and execute Mach-O binaries directly from memory.”
[Figure: Screenshot of an example PDS (Predator Delivery Studio) dashboard interface used to manage targets and view collected surveillance data]
Following the exploitation of CVE-2023-41993, the attack moved to the second stage to break out of the Safari sandbox and execute an untrusted third-stage payload dubbed PREYHUNTER by taking advantage of CVE-2023-41991 and CVE-2023-41992. PREYHUNTER consists of two modules –
- Watcher, which monitors crashes, makes sure that the infected device does not exhibit any suspicious behavior, and proceeds to terminate the exploitation process if such patterns are detected
- Helper, which communicates with the other parts of the exploit via a Unix socket and deploys hooks to record VoIP conversations, run a keylogger, and capture pictures from the camera
Intellexa is also said to be using a custom framework that facilitates the exploitation of various V8 flaws in Chrome – i.e., CVE-2021-38003, CVE-2023-2033, CVE-2023-3079, CVE-2023-4762, and CVE-2025-6554 – with the abuse of CVE-2025-6554 observed in June 2025 in Saudi Arabia.
Once the tool is installed, it collects data from messaging apps, calls, emails, device locations, screenshots, passwords, and other on-device information and exfiltrates it to an external server physically located in the customer's country. Predator also comes fitted with the ability to activate the device's microphone to silently capture ambient audio and leverage the camera to take photos.
The company, along with some key executives, was subjected to U.S. sanctions last year for developing and distributing the surveillance tool and undermining civil liberties. Despite continued public reporting, Recorded Future’s Insikt Group disclosed in June 2025 that it detected Predator-related activity in over a dozen countries, primarily in Africa, suggesting “growing demand for spyware tools.”
Perhaps the most significant revelation is that people working at Intellexa allegedly had the capability to remotely access the surveillance systems of at least some of its customers, including those located on the premises of its governmental customers, using TeamViewer.
“The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs – allowing company staff to see details of surveillance operations and targeted individuals – raises questions about its own human rights due diligence processes,” Jurre van Bergen, technologist at Amnesty International Security Lab, said in a news release.
“If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware.”
The report has also highlighted the different delivery vectors adopted by Intellexa to trigger the opening of the malicious link without the need for the target to manually click on it. This includes tactical vectors like Triton (disclosed in October 2023), Thor, and Oberon (both unknown at this stage), as well as strategic vectors that are delivered remotely via the internet or mobile network.
The three strategic vectors are listed below –
- Mars and Jupiter, which are network injection systems that require cooperation between the Predator customer and the victim's mobile operator or internet service provider (ISP) to stage an adversary-in-the-middle (AitM) attack. The infection is activated when the target opens an unencrypted HTTP website, or when the target visits a domestic HTTPS website that has already been intercepted using valid TLS certificates.
- Aladdin, which exploits the mobile advertising ecosystem to carry out a zero-click attack that’s triggered simply upon viewing the specially-crafted ad. The system is believed to have been under development since at least 2022.
“The Aladdin system infects the target’s phone by forcing a malicious advertisement created by the attacker to be shown on the target’s phone,” Amnesty said. “This malicious ad could be served on any website which displays ads.”
[Figure: Mapping of Intellexa's corporate web linked to Czech cluster]
Google said the use of malicious ads on third-party platforms is an attempt to abuse the advertising ecosystem to fingerprint users and redirect targeted users to Intellexa's exploit delivery servers. It also said it worked with other partners to identify the companies Intellexa set up to create the ads and shut those accounts down.
In a separate report, Recorded Future said it discovered two companies called Pulse Advertise and MorningStar TEC that appear to be operating in the advertising sector and are likely tied to the Aladdin infection vector. Furthermore, there is evidence of Intellexa customers based in Saudi Arabia, Kazakhstan, Angola, and Mongolia still communicating with Predator’s multi-tiered infrastructure.
“In contrast, customers in Botswana, Trinidad and Tobago, and Egypt ceased communication in June, May, and March 2025, respectively,” it added. “This may indicate that these entities discontinued their use of Predator spyware around those times; however, it is also possible that they merely modified or migrated their infrastructure setups.”