A new investigation has revealed that Predator spyware, developed by the commercial surveillance firm Intellexa, can infect mobile phones in seconds via seemingly ordinary online advertisements.
he revelations stem from months of leaked internal company documents, training videos, and marketing materials verified by Amnesty International.
Though Predator is typically deployed by governments and well-funded organisations, the scale and sophistication of the spyware raise urgent questions regarding privacy and human rights.
How Predator Works
Intellexa's flagship product, Predator, is a mercenary spyware platform used by governments and large corporations to surveil specific individuals. The spyware exploits zero-day vulnerabilities in mobile browsers, allowing it to bypass security measures without user interaction.
Experts estimate that weaponised zero-day exploits cost between $100,000 and $300,000 (£82,000 to £247,000) per vulnerability, depending on the target device or application. High-value exploits capable of zero-click, full-chain infection against Android and iPhone devices can reach up to £3.3 million, highlighting why only well-resourced organisations can afford Intellexa's services.
The latest leaks confirm that Predator can be delivered via online ads, automatically infecting devices and granting attackers access to microphones, cameras, messages and more.
Amnesty International noted that this method enables the precise targeting of dissidents, journalists and human rights defenders without affecting the wider public.
Evidence from Leaks and Investigations
The 'Intellexa Leaks', a joint investigation by Inside Story, Haaretz and WAV Research Collective with technical analysis by Amnesty International, exposes the spyware's internal operations. The documents reveal that Intellexa can remotely access customer logs, giving staff the ability to view the details of ongoing surveillance operations.
Previous instances of abuse include the 2021 targeting of Greek journalist Thanasis Koukakis. Leaks further confirm recent attacks, such as a Pakistani human rights lawyer receiving a malicious WhatsApp link last summer. The message appeared to come from a trusted source, but was designed to hack the recipient's device.
Researchers have traced Predator use to multiple countries including Pakistan, Saudi Arabia, Iraq, Kazakhstan, Angola and Mongolia. Some clients, like those in Egypt, Botswana and Trinidad and Tobago, appear to have ceased operations.
Despite US sanctions against Intellexa and its founder Tal Jonathan Dilian, the spyware continues to operate in various regions, illustrating the challenge of regulating mercenary cyber tools.
Global Risks and Human Rights Concerns
The continued deployment of Predator highlights the threats posed by commercial spyware. By exploiting zero-day vulnerabilities and hiding within common online platforms like ad networks, Intellexa enables precise surveillance that violates privacy, freedom of expression and other human rights.
Amnesty International's Jurre van Bergen said: 'If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse.'
The leaks also reveal Intellexa's plans to launch a new spyware product called Aladdin, which will expand ad-based infections further. Such tools demonstrate how modern surveillance technology is increasingly embedded in everyday digital interactions, turning ordinary phones into instruments of espionage.
Protecting Yourself and Staying Vigilant
For most people, the threat is not universal, but targeted. Nevertheless, these revelations serve as a stark reminder of the vulnerabilities inherent in mobile devices.
Users are encouraged to exercise caution with links, downloads and advertisements from unknown sources.
Privacy experts stress that vigilance and careful digital hygiene are key to reducing risks. At the same time, the leaks underscore the importance of watchdog organisations exposing misuse of spyware and advocating for stronger regulations on commercial surveillance firms.
Predator may not be invading every phone, but its presence in ad networks and mobile browsers signals a new era in cyber surveillance where individual devices can be compromised silently and with alarming speed.
