Leaked internal documents from surveillance firm Intellexa have provided a detailed view into the company’s operations, revealing the use of zero-day exploits and a novel delivery vector for its Predator spyware. The exposé originates from documents shared with media outlets and human rights organizations, including Amnesty International’s Security Lab.

The findings confirm that the Predator spyware, a tool designed for extensive mobile device surveillance, has been deployed using advanced and previously unconfirmed methods. The information offers concrete evidence of the technical capabilities sold to government clients.

Novel Ad-Based Infection Vector

A significant revelation from the leak is the use of the online advertising ecosystem as a vector for spyware delivery. Instead of relying solely on traditional spear-phishing links sent via messages, this technique involves placing advertisements on legitimate websites. When a targeted individual visits a page displaying the malicious ad, their device is silently redirected to an infection server to deploy the Predator implant. This method represents a one-click or potentially zero-click attack channel, as it can require minimal to no user interaction beyond visiting a mainstream website.

Targeted Zero-Day Exploits Detailed

The leaked materials also contained specifics about the exploits used to compromise target devices. The documents detailed a proposal for a system named “Aliα” which offered customers a package including Predator spyware and a portfolio of active zero-day exploits. Among those listed were vulnerabilities for multiple versions of Apple’s iOS, including iOS 16.0.3, 16.1.2, and 16.3.1. Additionally, a remote code execution (RCE) zero-day exploit for Google Chrome on Android was included in the company’s offerings. The documents also outlined pricing structures, with one proposal offering a package of 10 concurrent spyware infections for a price of €8 million.

Source: https://thehackernews.com/2025/12/intellexa-leaks-reveal-zero-days-and.html