Hi,👋 we have updated the app and fixed multiple bugs. We are lacking funds, request to free user not to use Adblock. Ads are non intrusive. 😊

@IntCyberDigest: ‼️🇮🇱 Smartphones worldwide wer...

@IntCyberDigest
9 views Dec 05, 2025
1
‼️🇮🇱 Smartphones worldwide were silently infected with Israeli malware via malicious ads

Simply viewing their ads was enough to get infected.

Surveillance company Intellexa gained full access to cameras, microphones, chat apps, emails, GPS locations, photos, files, and browsing activity.
Media image
2
Internal leaked company documents, sales and marketing materials, as well as training videos from the “Intellexa Leaks” investigation provide a never-before-seen glimpse into the internal operations of a mercenary spyware company focused on exploiting vulnerabilities in mobile devices to enable targeted surveillance attacks on human rights defenders, journalists, and members of civil society.
Media image
3
In an attempt to hide the spyware operator's identity, all data is relayed through a chain of anonymization servers called the “CNC Anonymization Network.”

Since the spyware relies on browser exploits, the operator must trick the victim into opening the malicious link; if the link is not opened, infection fails.

Each time a one-click attack link is sent, it risks exposing the operator, as a suspicious target may share it with forensic experts, revealing the attack and potentially the operator.
Media image
4
To avoid detection, Intellexa has designed several “delivery vectors”—different approaches to triggering the opening of an infection link on the target’s phone without requiring the target to manually click it. This enables Intellexa to offer zero-click-like functionality without needing additional zero-click exploits.
Media image
5
One slide shows they’ve been buying or partnering with ISPs to deliver their malicious payloads.
Media image
6
Ongoing research and technical investigations by Amnesty International indicate that advertisement-based infection methods are being actively developed and used by multiple mercenary spyware companies and by certain governments that have built similar ADINT infection systems.

Amnesty International believes that the use of such “silent” vectors to deliver browser exploits will continue to grow as targets become increasingly suspicious of unknown links and as true zero-click attacks become more expensive and technically difficult to achieve. These findings should redouble efforts by technology vendors and companies in the digital advertising ecosystem to investigate and disrupt such attacks.
Media image
7
Despite Intellexa being sanctioned by the US, they're still operating.
Media image
8
Read the full Amnesty report: securitylab.amnesty.org/latest/2025/12…
Actions
Visual Editor Carousel Maker NEW
Update Thread
What You Can Do
  • Download as PDF
  • Save to Notion
  • Export as Markdown
  • Visual Editor
  • LinkedIn & Instagram Carousel Maker
Create Free Account

Includes 7-day Premium trial