The Predator spyware [1] [2] [3] [4] [5], developed by Cytrox and Intellexa [2], is in active use in multiple countries [2], with operators targeting mobile phones in 11 countries.

Description

The spyware’s infrastructure remains largely unchanged [2], still comprising delivery servers [1] [2] [3] [4], upstream servers [1] [2] [4], and in-country ISP IP addresses [2]. Sekoia has identified new Predator infrastructure and an increase in malicious domains associated with the spyware [2].

Predator is a sophisticated spyware that can be deployed through ‘one-click’ or ‘zero-click’ attacks [2], granting unauthorized access to a device’s microphone [2], camera [2] [4], and data [2]. Predator infections have been reported [2] against individuals in various sectors and countries [2], including politicians, journalists [2] [4] [5], and executives [2]. Notable cases include successful infections of Egyptians [2], a Greek politician [2], and a Meta executive [2], as well as a surveillance operation in Vietnam targeting social media accounts [2].

The operators of Predator have updated their infrastructure and are now targeting mobile devices in at least eleven countries [5], including Armenia [2] [4] [5], Indonesia [4] [5], Kazakhstan [4] [5], Mongolia [4] [5], Oman [4] [5], Saudi Arabia [4] [5], and Trinidad and Tobago [4] [5]. Despite claims of counterterrorism and law enforcement use [5], Predator is often used against civil society [5], with journalists, politicians [2] [4] [5], and activists as targets.

Researchers suggest a new approach is needed to combat spyware threats [3], as traditional methods may not be sufficient. Recorded Future’s Insikt Group has identified Predator spyware operating in at least 11 countries [1], with consistent tactics and procedures indicating ongoing success [1].

Conclusion

The use of Predator spyware poses significant risks to individuals and organizations and calls for enhanced cybersecurity measures to mitigate these threats. Going forward, innovative strategies will be needed to address the evolving landscape of spyware attacks and to protect against unauthorized access to sensitive information.

References

[1] https://www.darkreading.com/remote-workforce/predator-mobile-spyware-alive-and-well-and-expanding
[2] https://www.infosecurity-magazine.com/news/predator-spyware-targeted-new/
[3] https://www.scmagazine.com/brief/novel-infrastructure-leveraged-in-predator-spyware-resurgence
[4] https://thecyberpost.com/news/researchers-spot-new-infrastructure-likely-used-for-predator-spyware/
[5] https://thecyberwire.com/newsletters/daily-briefing/13/43