Prolific Zero-Day Exploits Continue
Dec. 21, 2025, 6:23 p.m.
Description
Despite sanctions, Intellexa continues to operate, developing and selling spyware to various clients. The company has been linked to 15 unique zero-day vulnerabilities since 2021, targeting mobile browsers and operating systems. Their exploit chain, known as 'smack', uses a framework called JSKit for iOS exploitation. Intellexa has also been observed using malicious advertisements to deliver exploits. The company's activities have affected several hundred accounts across multiple countries. Google has taken steps to warn targeted users and add malicious domains to Safe Browsing. The international community is working towards developing norms to limit the misuse of surveillance technologies.
Tags
Date
- Created: Dec. 4, 2025, 10:32 a.m.
- Published: Dec. 4, 2025, 10:32 a.m.
- Modified: Dec. 21, 2025, 6:23 p.m.
Indicators
- 85d8f504cadb55851a393a13a026f1833ed6db32cb07882415e029e709ae0750
- e3314bcd085bd547d9b977351ab72a8b83093c47a73eb5502db4b98e0db42cac
Attack Patterns
- Adwind
- PREYHUNTER
- jRAT - S0283
- Predator
- Intellexa
Additional Informations
- Government and administrations
- Angola
- Tajikistan
- Uzbekistan
- Egypt
- Saudi Arabia
- Kazakhstan
- Mongolia
- Pakistan