
Predator spyware returns after sanctions against Intellexa fail


After the spyware firm Intellexa was hit by US sanctions earlier in 2024, its Predator spyware activity appeared to decline. However, a more recent investigation reveals that the spyware’s infrastructure is back, with upgrades that help evade detection and anonymise users.

The researchers claim that the spyware is likely being used in countries like the Democratic Republic of Congo (DRC), Saudi Arabia, and Angola. The new and improved infrastructure adds another tier to Predator’s multi-level delivery system, making it harder to detect which countries are using it and also making it difficult for security researchers to track the spyware’s spread.

However, the researchers were able to tie three of the four detected clusters to potential customers in the aforementioned nations. The fourth cluster has potential links to Madagascar and the United Arab Emirates. In the case of Congo, researchers assume that the user is tied to the government, but it could also be a contractor.

Photo: Trismegist san / Shutterstock.com

The spyware’s operational side remains largely the same. It likely uses both one-click and zero-click attack vectors, which often exploit browser vulnerabilities and network access to install the spyware on target devices. Unlike with Pegasus, there are no reports yet of a fully remote zero-click attack. Mitigation measures are also relatively simple and include frequent device restarts, software updates, implementing mobile device management (MDM) systems, and enabling lockdown mode, along with security awareness training for individuals at risk.

Intellexa, the European spyware firm behind Predator, has had a tough few months, with public reporting and US sanctions denting its operations throughout the year. Predator’s reappearance suggests that the firm might be able to take on bigger challenges now, considering the improvements to its architecture. With the ever-rising global demand for competent spyware, especially considering Pegasus creator NSO Group’s PR problem, potential customers are looking for alternatives now more than ever.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
