A joint investigation by Amnesty International, Haaretz, Inside Story and Inside IT has revealed that the human rights lawyer from Balochistan province, Pakistan, was the target of Intellexa’s Predator spyware. This incident marks the first time that a member of civil society in Pakistan has been targeted by this surveillance tool. The attack was carried out using a suspicious link sent by WhatsApp, which Amnesty International identified as an “attempted Predator attack” based on its technical behavior and characteristics.

Intellexa, the maker of Predator spyware (similar to NSO Group’s Pegasus), uses this tool to extract sensitive data from Android and iOS devices without the target’s knowledge. The spyware has been marketed under various names, including Helios, Nova, Green Arrow and Red Arrow.

Infection Tactics and Exploited Vulnerabilities

Predator employs different initial access vectors, exploiting previously undisclosed vulnerabilities to install covertly, either through a zero-click or one-click approach.

1-Click Attack

In the case of a one-click attack, the target must click on a malicious link. This loads a browser exploit for Google Chrome (on Android) or Apple Safari (on iOS) to gain initial access to the device and install the main spyware payload.

Google Threat Intelligence Group (GTIG) has linked Intellexa with the exploitation of numerous zero-days, developed internally or acquired from third parties. These include:

Vulnerabilities in Android:

  • CVE-2025-48543: Use-after-free in Android Runtime (Google)
  • CVE-2021-1048: Use-after-free in Android Kernel (Google)
  • CVE-2024-4610: Use-after-free in Bifrost GPU and Valhall GPU Kernel Driver (Arm)

Vulnerabilities in Google Chrome (V8 and Skia):

  • CVE-2025-6554: Type confusion in V8
  • CVE-2023-4762: Type confusion in V8
  • CVE-2023-3079: Type confusion in V8
  • CVE-2023-2136: Integer overflow in Skia
  • CVE-2023-2033: Use-after-free in V8
  • CVE-2021-38003: Inappropriate implementation in V8
  • CVE-2021-38000: Insufficient validation of untrusted input in Intents
  • CVE-2021-37976: Information leak in memory_instrumentation
  • CVE-2021-37973: Use-after-free in Portals

Vulnerabilities in Apple iOS/Safari:

  • CVE-2023-41993: WebKit JIT RCE (Apple Safari)
  • CVE-2023-41992: Kernel IPC Use-After-Free (Apple)
  • CVE-2023-41991: Certificate validation bypass in the security framework (Apple)

A specific example of an iOS exploit chain observed in 2023 against targets in Egypt used CVE-2023-41993 and the JSKit framework.

Spyware Payload (PREYHUNTER)

Upon successful exploitation, the attack moves to a second stage that bypasses the Safari sandbox and executes the third-stage payload, named PREYHUNTER, exploiting additional vulnerabilities such as CVE-2023-41991 and CVE-2023-41992. PREYHUNTER consists of two key modules:

  • Watcher: Monitors failures and suspicious behavior on the device. If anomalous patterns are detected, the exploitation process ends to avoid detection.
  • Helper: Communicates with other parts of the exploit to deploy hooks, record VoIP conversations, capture keystrokes (keylogger), and take photos with the camera.

Once installed, Predator collects data from messaging apps, calls, emails, device locations, screenshots and passwords, exfiltrating it to an external server physically located in the customer’s country.

Intellexa Advanced Delivery Vectors and Remote Access

The investigation also revealed more sophisticated zero-click delivery vectors and questionable operating practices by Intellexa:

Strategic Vectors (Zero Click)

  • Mars and Jupiter (Network Injection): These network injection systems require the cooperation of the target’s Internet Service Provider (ISP) or mobile operator. They perform “adversary-in-the-middle” (AitM) attacks to infect the device when the target visits an unencrypted HTTP website or an intercepted domestic HTTPS site.
  • Aladdin (Mobile Advertising Ecosystem): This system exploits the mobile advertising ecosystem. A zero-click attack is triggered simply by viewing a malicious ad created by the attacker. Google has identified and closed accounts of companies (Pulse Advertise and MorningStar TEC) linked to this vector.

Remote Client Access

One significant revelation is that Intellexa personnel allegedly had the ability to remotely access their clients’ surveillance systems, including those located at government clients’ facilities, using TeamViewer. According to Amnesty International, this practice raises serious questions about Intellexa’s human rights due diligence processes and could expose the company to liability claims in cases of misuse.

Despite sanctions imposed by the United States last year for undermining civil liberties, Recorded Future reported in June 2025 that it detected Predator-related activity in more than a dozen countries, mainly in Africa, suggesting a “growing demand” for this type of spyware. Communication with Predator infrastructure by customers in Saudi Arabia, Kazakhstan, Angola and Mongolia is still active, while customers in Botswana, Trinidad and Tobago and Egypt appear to have ceased use.

References

  • Google Threat Intelligence Group (GTIG)
  • Amnesty International Security Lab
  • Recorded Future’s Insikt Group
  • CVE-2025-48543
  • CVE-2025-6554
  • CVE-2023-41993
  • CVE-2023-41992
  • CVE-2023-41991
  • CVE-2024-4610
  • CVE-2023-4762
  • CVE-2023-3079
  • CVE-2023-2136
  • CVE-2023-2033
  • CVE-2021-38003
  • CVE-2021-38000
  • CVE-2021-37976
  • CVE-2021-37973
  • CVE-2021-1048
  • JSKit Framework
  • PREYHUNTER (Spyware payload)
  • Press Advertise and MorningStar TEC (companies linked to attack vectors)