Intellexa’s Predator spyware used to hack iPhone of journalist in Angola, research says
A government customer of sanctioned spyware maker Intellexa has been linked to a hacking attempt against a prominent journalist in Angola, according to a new report by Amnesty International. The report, which analyzed several hacking attempts against local journalist and press freedom activist Teixeira Cândido, found that he was sent a series of malicious links via WhatsApp during 2024. Cândido eventually clicked on one of the links, which led to his iPhone being hacked with Intellexa's Predator spyware.
The Rise of Commercial Surveillance Vendors
Intellexa is one of the most controversial spyware makers of the last few years, operating from different jurisdictions to skirt export laws and using an "opaque web of corporate entities" to hide its activities. The company has been linked to several high-profile hacking attempts, including those in Egypt, Greece, and Vietnam, where the government reportedly targeted U.S. officials by sending the spyware via links on X.
Sanctions and Controversies
In 2024, the outgoing Biden administration sanctioned Intellexa, as well as its founder Tal Dilian and his business partner Sara Aleksandra Fayssal Hamou. However, the Treasury later lifted sanctions against three other executives tied to Intellexa, leaving Senate Democrats demanding answers from the Trump administration. Dilian did not respond to a request for comment.
How the Hacking Attempt Worked
Amnesty researchers found that Intellexa used infection servers that had been previously linked to the company's spyware infrastructure. The researchers also discovered that Predator stayed hidden by impersonating legitimate iOS system processes to avoid detection. Cândido eventually rebooted his phone, which wiped the spyware from his device.
Implications and Concerns
The report highlights growing concern over governments using commercial surveillance vendors to target journalists, politicians, and ordinary citizens. Amnesty believes Cândido may be just one of many targets in the country, based on its finding of multiple domains linked to the spyware maker that were used in Angola. "We've now seen confirmed abuses in Angola, Egypt, Pakistan, Greece, and beyond — and for every case we uncover, many more abuses surely remain hidden," said Donncha Ó Cearbhaill, the head of the security lab at Amnesty International.
Practical Insights and Implications
The report provides several practical insights and implications for individuals and organizations:
- Be cautious of suspicious links: Cândido was targeted by a series of malicious links via WhatsApp. Individuals should be cautious of suspicious links and avoid clicking on them.
- Keep software up to date: Cândido's phone was running an outdated version of iOS at the time of the hacking attempt. Keeping software up to date can help prevent such attacks.
- Use strong passwords and two-factor authentication: Intellexa's Predator spyware stayed hidden by impersonating legitimate iOS system processes. Using strong passwords and two-factor authentication can help prevent such attacks.
- Use reputable antivirus software: Reputable antivirus software can help detect and prevent malware attacks.
Forward-Looking Thoughts and Implications
The report highlights growing concern over governments using commercial surveillance vendors to target individuals and organizations. As technology continues to evolve, it is essential to stay vigilant and take the necessary precautions to prevent such attacks. The implications of this report are far-reaching for individuals, organizations, and governments.




