Predator Spyware (Intellexa)
What is Predator Spyware (Intellexa)?
Predator Spyware (Intellexa)Commercial mobile spyware developed by Cytrox and marketed by the Intellexa consortium, used by government customers against journalists, opposition politicians, and civil society on iOS and Android.
Predator is delivered through one-click links and zero-click exploit chains, sometimes paired with network-injection devices reportedly using Sandvine middleboxes to redirect targets to exploit servers. Citizen Lab and Amnesty Security Lab have documented infections of European politicians, US-based journalists, and exiled activists; Reuters and Haaretz have reported on Intellexa's operations and clients. Apple and Google patched several Predator-linked vulnerabilities in 2023, including iOS CVE-2023-41991/41992/41993 and Chrome CVE-2023-4762. The U.S. Treasury sanctioned Intellexa-related entities and individuals in 2024, citing the spyware's role in targeting U.S. officials and dissidents.
● Examples
- 01
Citizen Lab documented Predator delivered through SMS one-click links to political figures and journalists.
- 02
Apple shipped iOS 16.7 / 17.0.1 to close zero-days used in an Intellexa Predator chain in September 2023.
● Frequently asked questions
What is Predator Spyware (Intellexa)?
Commercial mobile spyware developed by Cytrox and marketed by the Intellexa consortium, used by government customers against journalists, opposition politicians, and civil society on iOS and Android. It belongs to the Mobile Security category of cybersecurity.
What does Predator Spyware (Intellexa) mean?
Commercial mobile spyware developed by Cytrox and marketed by the Intellexa consortium, used by government customers against journalists, opposition politicians, and civil society on iOS and Android.
How does Predator Spyware (Intellexa) work?
Predator is delivered through one-click links and zero-click exploit chains, sometimes paired with network-injection devices reportedly using Sandvine middleboxes to redirect targets to exploit servers. Citizen Lab and Amnesty Security Lab have documented infections of European politicians, US-based journalists, and exiled activists; Reuters and Haaretz have reported on Intellexa's operations and clients. Apple and Google patched several Predator-linked vulnerabilities in 2023, including iOS CVE-2023-41991/41992/41993 and Chrome CVE-2023-4762. The U.S. Treasury sanctioned Intellexa-related entities and individuals in 2024, citing the spyware's role in targeting U.S. officials and dissidents.
How do you defend against Predator Spyware (Intellexa)?
Defences for Predator Spyware (Intellexa) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Predator Spyware (Intellexa)?
Common alternative names include: Predator, Cytrox Predator.
● Related terms
- mobile-security№ 810
Pegasus Spyware (NSO Group)
A commercial mobile spyware developed by the Israeli company NSO Group that infects iOS and Android phones, often through zero-click exploits, and exfiltrates messages, calls, location, and microphone data.
- mobile-security№ 550
iOS Malware
Malicious software targeting Apple iPhones and iPads, including supply-chain attacks on app developers, mercenary spyware, and threats specific to jailbroken devices.
- mobile-security№ 047
Android Malware
Malicious software that targets the Android operating system, typically distributed through sideloaded APKs, dropper apps on Google Play, or compromised third-party stores.
- malware№ 1083
Spyware
Malware that secretly collects information about a user, device, or organization and sends it to an external party.
- vulnerabilities№ 1263
Zero-Day Exploit
Working exploit code for a vulnerability that the vendor does not yet know about, or for which no patch is available — extremely valuable to attackers.
- attacks№ 1116
Supply Chain Attack
An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.