Predator

Predator is a commercial spyware product developed and marketed by Intellexa, a Cyprus-based alliance of European surveillance firms founded in 2019 by Tal Dilian, a former Israeli signals intelligence officer. Predator has been deployed against journalists, opposition politicians, and activists across Greece, Egypt, Saudi Arabia, Vietnam, and Madagascar. Functionally similar to Pegasus, with documented one-click and zero-click delivery chains depending on the target’s environment. The US Treasury sanctioned Intellexa in March 2024, the first sanctions against a commercial spyware vendor.

What it means in practice

Predator targets specific individuals through one-click links delivered by SMS or chat, and in higher-cost deployments through zero-click chains delivered via messaging app vulnerabilities. Once on the device, it accesses messages, photos, microphone, camera, location, and stored credentials. Citizen Lab, Amnesty Tech, and Meta’s adversarial threat team have documented infections on both Android and iOS through 2024 and into 2025. The targeting profile is consistent with NSO Group’s Pegasus: high-value individuals rather than mass surveillance.

Specific things to know

Intellexa’s commercial distribution runs through several front companies including Cytrox in Skopje, Nexa Technologies in France, and a network of resellers across the Balkans and Israel. The 2023 Predator Files investigation by EIC and Mediapart traced sales to Egypt, Madagascar, Sudan, Saudi Arabia, Vietnam, Oman, and others. The United States imposed sanctions on Intellexa and Cytrox executives on March 5, 2024, followed by additional sanctions in July 2024 covering five further entities and one individual. The company has reportedly restructured under new corporate names in the period since.

Change today

Apple’s Lockdown Mode reduces exposure but does not eliminate it. Predator infections have been observed on devices running Lockdown Mode in 2023 forensic cases. The operational answer for any plausible high-risk target is that consumer-grade hardening is insufficient against a determined Intellexa-class adversary. A combination of hardened device configuration, network behaviour monitoring, and disciplined messaging hygiene is required, and even that combination is best understood as raising cost rather than producing certainty.

Related articles

See our coverage of the Predator Files investigation, US Treasury sanctions against Intellexa, Citizen Lab forensic documentation of one-click infections, and the broader mercenary spyware market.