23 matches found
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. The names of the individuals are as...
A week in security (December 1 – December 7)
Last week on Malwarebytes Labs: Leaks show Intellexa burning zero-days to keep Predator spyware running; How scammers use fake insurance texts to steal your identity; Canadian police trialing facial recognition bodycams; Update Chrome now: Google fixes 13 security issues affecting billions; Attackers...
Leaks show Intellexa burning zero-days to keep Predator spyware running
Intellexa is a well-known commercial spyware vendor, servicing governments and large corporations. Its main product is the Predator spyware. An investigation by several independent parties describes Intellexa as one of the most notorious mercenary spyware vendors, still operating its Predator...
Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery
A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware, Amnesty International said in a report. The link, the non-profit...
Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks
Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks. The cellular baseband (i.e., modem) refers to a processor on the device that's responsible for handling all connectivity, su...
US Sanctions Intellexa Spyware Network Over Threat to National Security
The U.S. Treasury sanctions the Intellexa Consortium and key figures for distributing Predator spyware, a serious national security…
U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation
The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. "The United States will not tolerate the reckless...
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...
Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks
Suspected Russian hackers have compromised a series of websites to utilize sophisticated spyware exploits that are eerily similar to those created by NSO Group and Intellexa...
U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse
The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediate family members of those involved in such businesses. "These individuals have facilitated ...
Predator spyware vendor banned in US
The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US. Predator can turn infected smartphones into surveillance devices. Intellexa is based in Greece but the Treasury Department imposed the sanctions because of...
U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists
The U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in "developing, operating, and distributing" commercial spyware designed to target government officials, journalists, and poli...
New iShutdown Method Exposes Hidden Spyware Like Pegasus on Your iPhone
Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator. Kaspersky, which analyzed a set of iPhones that were...
Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware
A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected...
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
By Mike Gentile, Asheer Malhotra and Vitor Ventura. Editor's note: This blog post is a public version of a talk presented at LabsCon 2023 on Sept. 22, 2023. You can watch a recording of the talk here. Some of the intelligence presented at LabsCon was later confirmed by an Amnesty International blo...
Analysis of Intellexa’s Predator Spyware
Amnesty International has published a comprehensive analysis of the Predator government spyware products. These technologies used to be the exclusive purview of organizations like the NSA. Now they're available to every country on the planet--democratic, nondemocratic, authoritarian, whatever--for...
The growth of commercial spyware based intelligence providers without legal or ethical supervision
Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat...
Predator Android Spyware: Researchers Uncover New Data Theft Capabilities
Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five differe...
Predator Android Spyware: Researchers Uncover New Data Theft Capabilities
Security researchers have detailed the inner workings of the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five differen...
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
We would like to thank The Citizen Lab for their cooperation, support and inputs into this research. Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a...