Prolific Zero-Day Exploits Continue
Dec. 4, 2025, 11:30 a.m.
Description
Despite sanctions, Intellexa continues to operate, developing and selling spyware to various clients. The company has been linked to 15 unique zero-day vulnerabilities since 2021, targeting mobile browsers and operating systems. Their exploit chain, known as 'smack', uses a framework called JSKit for iOS exploitation. Intellexa has also been observed using malicious advertisements to deliver exploits. The company's activities have affected several hundred accounts across multiple countries. Google has taken steps to warn targeted users and add malicious domains to Safe Browsing. The international community is working towards developing norms to limit the misuse of surveillance technologies.
Tags
Date
- Created: Dec. 4, 2025, 10:32 a.m.
- Published: Dec. 4, 2025, 10:32 a.m.
- Modified: Dec. 4, 2025, 11:30 a.m.
Indicators
- e3314bcd085bd547d9b977351ab72a8b83093c47a73eb5502db4b98e0db42cac
- 85d8f504cadb55851a393a13a026f1833ed6db32cb07882415e029e709ae0750
Attack Patterns
- PREYHUNTER
- jFrutas
- jRAT - S0283
- Predator
- Intellexa
Additional Informations
- Government
- Angola
- Mongolia
- Egypt
- Tajikistan
- Uzbekistan
- Saudi Arabia
- Kazakhstan
- Pakistan