This new tool uses the security flaws in the mobile advertising ecosystem to deploy zero-click attacks. The U.S. has already sanctioned Intellexa and its leadership. Coming on the heels of their role in the development and dissemination of invasive surveillance software, this is a deeply concerning move. The implications of Predator’s capabilities undercut privacy and civil liberties around the world.
Since its initial creation in 2022, Predator has matured into a multipurpose spyware utility, capable of performing highly sophisticated functions. It takes advantage of previously unknown vulnerabilities to secretly implant itself on targeted devices. This is done via an initial access vector that can range from messaging platforms to booby-trapped ads. Importantly, a zero-click attack is activated just by looking at a specially-made ad, putting users at risk without their awareness or consent.
The Mechanics of Predator
Predator’s ability to parse in-memory Mach-O binaries lets it resolve custom symbols and run arbitrary binaries directly from memory. This capability significantly amplifies the spyware’s stealth and efficiency, allowing it to conduct surveillance operations often undetected.
Predator utilizes an innovative zero-click attack technique to hit victims out of nowhere. Specifically, it exploits a vulnerability in versions of Google Chrome on Android and Apple Safari on iOS. Once a victim unknowingly clicks a booby-trapped link, the spyware immediately gains access to the device. It then downloads its main payload, further increasing the threat.
Besides these strategic or tactical vectors, Intellexa has open source and build for easy deployment across a wide spectrum of scenarios. Direct installations with tactical vectors such as Triton, Thor and Oberon ease the process. Strategic vectors like Mars and Jupiter require collaboration with the targeted victim’s cellular network provider or internet access provider (IAP) for effective network injections.
“The JSKit framework is well maintained, supports a wide range of iOS versions, and is modular enough to support different Pointer Authentication Code (PAC) bypasses and code execution techniques,” – Google
Surveillance Impacts and Civil Liberties
The deployment of Predator presents very serious questions about its contribution to the degradation of civil liberties and human rights. Reports indicate that the spyware has been used to surveil critics illegally. This intrusive breach is an affront against the foundational privacy tenets that support democratic governance. The earliest documented incident with Predator occurred when a human rights attorney from Pakistan’s Balochistan province clicked on a harmful link sent to them. This address was received from an unknown number through WhatsApp. This represented a despicable new low in the use of Intellexa’s spyware to target civil society members.
Jurre van Bergen, a technologist at Amnesty International Security Lab, stated, “The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs – allowing company staff to see details of surveillance operations and targeted individuals raises questions about its own human rights due diligence processes.”
Furthermore, the potential liability for human rights abuses linked to the use of such spyware poses a significant ethical dilemma. Van Bergen added, “If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware.”
Market Strategies and Naming Conventions
Intellexa has marketed Predator under other names, such as Helios, Nova, Green Arrow and Red Arrow. This clever strategic branding would obscure the company’s ownership of the horrific spyware tool. All the while, it seeks to appeal to an exceptionally diverse clientele across all geographic areas.
Intellexa has created sophisticated tools and frameworks designed to fit many operational requirements. These tactical and strategic vectors combine to provide end-users with unprecedented options for deploying Predator. This incredible range adds yet another layer of challenge for accountability and regulatory oversight.
“In contrast, customers in Botswana, Trinidad and Tobago, and Egypt ceased communication in June, May, and March 2025, respectively,” – Recorded Future’s Insikt Group
The international community still watches Intellexa’s moves as the demands for regulations that govern intangible, spyware technologies becomes louder and bolder. The void of accountability and transparency around these companies makes the case that much stronger for robust policies to safeguard people’s rights.