Intellexa Predator spyware delivery and device-data exfiltration
Malware Activity
Summary
Hide ▲
Show ▼
Intellexa's Predator spyware was used in a new 1-click targeting attempt against a civil society lawyer in Pakistan, underscoring continued mobile surveillance operations and the risk of covert device compromise. The lure arrived as a suspicious WhatsApp link from an unknown number and was assessed as a Predator infection attempt. The tooling has also been tied to 1-click, zero-click, and ads-based delivery chains that exploit browser flaws on Android and iOS. Once installed, Predator can silently collect messages, calls, emails, locations, screenshots, passwords, and other on-device data and exfiltrate it externally.
Related Happenings
Google Ads tax-search ScreenConnect malvertising campaign
Campaign
First: 24.03.2026 19:05
Last: 24.03.2026 19:05
Sources 1
About this happening:
A **malvertising campaign** active since **January 2026** is using **Google Ads** and tax-related search terms to push rogue **ConnectWise ScreenConnect** installers, creating a p...
Google Ads tax-search ScreenConnect malvertising campaign
CampaignAbout this happening: A **malvertising campaign** active since **January 2026** is using **Google Ads** and tax-related search terms to push rogue **ConnectWise ScreenConnect** installers, creating a p...
Perseus Android malware family actively distributed in the wild
Malware Activity
First: 19.03.2026 14:43
Last: 19.03.2026 14:43
Sources 1
About this happening:
The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
Perseus Android malware family actively distributed in the wild
Malware ActivityAbout this happening: The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
BeatBanker Android phishing campaign targeting Brazilian users
Campaign
First: 12.03.2026 09:56
Last: 12.03.2026 09:56
Sources 1
About this happening:
A **BeatBanker** Android phishing campaign is targeting **Brazilian users**, creating a risk of device compromise and payment theft. The lure uses **Google Play Store** lookalike...
BeatBanker Android phishing campaign targeting Brazilian users
CampaignAbout this happening: A **BeatBanker** Android phishing campaign is targeting **Brazilian users**, creating a risk of device compromise and payment theft. The lure uses **Google Play Store** lookalike...
Predator spyware targeting Teixeira Cândido's iPhone
Malware Activity
First: 18.02.2026 19:30
Last: 18.02.2026 19:30
Sources 1
About this happening:
**Predator spyware** successfully targeted **Teixeira Cândido's iPhone** in **May 2024**, giving an attacker the ability to gain **unrestricted access** to the device. The infecti...
Predator spyware targeting Teixeira Cândido's iPhone
Malware ActivityAbout this happening: **Predator spyware** successfully targeted **Teixeira Cândido's iPhone** in **May 2024**, giving an attacker the ability to gain **unrestricted access** to the device. The infecti...
Android RAT campaign using Hugging Face dropper lure
Campaign
First: 16.02.2026 12:24
Last: 16.02.2026 12:24
Sources 1
About this happening:
In recent weeks, a **live Android RAT campaign** has used **Hugging Face** to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as *...
Android RAT campaign using Hugging Face dropper lure
CampaignAbout this happening: In recent weeks, a **live Android RAT campaign** has used **Hugging Face** to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as *...
Timeline
-
05.12.2025 13:47 2 articles · 5mo ago
Intellexa Predator targeting and delivery vectors disclosed
Initial DisclosureAmnesty International and partners disclosed that a human rights lawyer in Pakistan's Balochistan province received a suspicious WhatsApp link from an unknown number, and assessed it as a Predator 1-click infection attempt, marking the first known targeting of a civil society member in Pakistan by Intellexa's spyware. The same disclosure described Predator's 1-click and zero-click delivery chains on Android and iOS, the PREYHUNTER second-stage payload, the JSKit framework, the ads-based Aladdin vector, and continued Predator-related activity across multiple countries.
Show sources
- Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery — thehackernews.com — 05.12.2025 13:47
- Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery — thehackernews.com — 05.12.2025 13:47