Amnesty International’s Security Labs and the European Investigative Collaboration (EIC) have uncovered new evidence of a large-scale surveillance operation called “The Predator Files.” This operation involved the use of powerful spyware known as Predator, developed by Cytrox  , a subsidiary of surveillance company Intellexa . The spyware targeted over 50 social media accounts in 10 countries , including political leaders and lawmakers. The project was led by reporters from various media outlets and included technical researchers from Amnesty International and The Citizen Lab . The Predator malware was eventually banned by Meta Platforms Inc . and both Cytrox and Intellexa were placed on a block list by the U.S.  government     .
Amnesty International’s Security Labs and the EIC collaborated with journalists and researchers to uncover new evidence of a large-scale surveillance operation called “The Predator Files.” This operation involved the use of powerful spyware known as Predator, developed by Cytrox  , a subsidiary of surveillance company Intellexa . The spyware targeted over 50 social media accounts in 10 countries , including political leaders such as the presidents of the European Parliament and Taiwan , as well as U.S.  Congressman Michael McCaul and U.S.  Senator Chris Murphy . It only took one message or click to compromise a person’s digital life . The project was led by reporters from various media outlets and included technical researchers from Amnesty International and The Citizen Lab . The Predator malware was eventually banned by Meta Platforms Inc . and both Cytrox and Intellexa were placed on a block list by the U.S.  government     .
Amnesty International’s Security Labs and the EIC also conducted an analysis that revealed new information about the Predator spyware. Between August and October 2021 , three separate campaigns were identified, where state-backed attackers exploited five different zero-day vulnerabilities to install the spyware on fully updated Android devices . The spyware was sold to government-backed threat actors in multiple countries . The campaigns used one-time links sent via email to targeted Android users , redirecting them to an attacker-owned domain that delivered the zero-day exploits . The targeted devices were first infected with an Android malware called Alien , which loaded the Predator spyware . Once installed, the spyware could access messages, calls , photos , and passwords on the user’s device . It could also hide apps, add a certificate authority , and control the phone’s camera and microphone .
The analysis further highlighted Intellexa as the main distributor of Predator. Intellexa has been using various products from alliance partners to intercept and subvert mobile networks and Wi-Fi technologies  , sometimes with the help of Internet service providers (ISPs)  . Sales of the Predator malware were traced to government contracts in Vietnam . Amnesty International also found that other spyware products from Intellexa were used in 25 countries to undermine human rights and press freedom . The investigation revealed that 25 countries have purchased invasive surveillance products from the alliance , including Switzerland , Austria , Germany , Oman , Qatar , Congo , Kenya , United Arab Emirates , Singapore , Pakistan , Jordan , and Vietnam   . The presence of the Predator spyware system was identified in countries such as Sudan, Mongolia  , Madagascar   , Kazakhstan  , Egypt   , Indonesia  , Vietnam    , and Angola  .
Amnesty International has conducted an investigation revealing that Predator spyware , developed by Israeli surveillance company Intellexa , has targeted at least 50 accounts belonging to 27 individuals and 23 institutions . The spyware has the ability to access the microphone , camera   , and data on infected devices without the user’s knowledge . Among the targets are the President of the European Parliament  , UN officials , and US lawmakers . The investigation suggests that a social media account named “@Joseph_Gordon16” was likely acting on behalf of the Vietnamese government or interest groups in the country , as it posted malicious links to infect devices with Predator spyware .
The widespread use of the Predator spyware highlights the potential for human rights abuses facilitated by the unchecked sale and transfer of surveillance technologies . The operation also raises concerns about the failure of EU regulations to address the use of spyware . The United States government has placed Intellexa on its “entity list” to restrict trading with American companies . Amnesty International criticizes the lack of government safeguards against the use of these surveillance products , which undermine human rights    , press freedoms    , and social movements  .
To protect against such threats, it is important to keep software up-to-date , install antivirus software , be cautious about cookies , and use anti-tracking browser extensions . Additionally, users can enroll in Google’s Advanced Protection Program for additional security .