✨ Visual Editor

close

palette Canvas & Background

Gradient:arrow_forward
Text Color:
135°

style Card Style

40px
16px

text_fields Typography

16px
International Cyber Digest
@IntCyberDigest
‼️🇮🇱 Smartphones worldwide were silently infected with Israeli malware via malicious ads

Simply viewing their ads was enough to get infected.

Surveillance company Intellexa gained full access to cameras, microphones, chat apps, emails, GPS locations, photos, files, and browsing activity.
Thread image
International Cyber Digest
@IntCyberDigest
Internal leaked company documents, sales and marketing materials, as well as training videos from the “Intellexa Leaks” investigation provide a never-before-seen glimpse into the internal operations of a mercenary spyware company focused on exploiting vulnerabilities in mobile devices to enable targeted surveillance attacks on human rights defenders, journalists, and members of civil society.
Thread image
International Cyber Digest
@IntCyberDigest
In an attempt to hide the spyware operator's identity, all data is relayed through a chain of anonymization servers called the “CNC Anonymization Network.”

Since the spyware relies on browser exploits, the operator must trick the victim into opening the malicious link; if the link is not opened, infection fails.

Each time a one-click attack link is sent, it risks exposing the operator, as a suspicious target may share it with forensic experts, revealing the attack and potentially the operator.
Thread image
International Cyber Digest
@IntCyberDigest
To avoid detection, Intellexa has designed several “delivery vectors”—different approaches to triggering the opening of an infection link on the target’s phone without requiring the target to manually click it. This enables Intellexa to offer zero-click-like functionality without needing additional zero-click exploits.
Thread image
International Cyber Digest
@IntCyberDigest
One slide shows they’ve been buying or partnering with ISPs to deliver their malicious payloads.
Thread image
International Cyber Digest
@IntCyberDigest
Ongoing research and technical investigations by Amnesty International indicate that advertisement-based infection methods are being actively developed and used by multiple mercenary spyware companies and by certain governments that have built similar ADINT infection systems.

Amnesty International believes that the use of such “silent” vectors to deliver browser exploits will continue to grow as targets become increasingly suspicious of unknown links and as true zero-click attacks become more expensive and technically difficult to achieve. These findings should redouble efforts by technology vendors and companies in the digital advertising ecosystem to investigate and disrupt such attacks.
Thread image
International Cyber Digest
@IntCyberDigest
Despite Intellexa being sanctioned by the US, they're still operating.
Thread image
International Cyber Digest
@IntCyberDigest
Read the full Amnesty report: securitylab.amnesty.org/latest/2025/12…
Generated by Thread Navigator
100%
view_carousel Carousel Studio NEW
Press + S to quick-export