Predator Spyware: The Silent Predator Turning Phones Into Surveillance Tools (with video)

Estimated read time 4 min read

Don’t you ever wonder how safe your smartphone really is? In a world where governments seem to be ramping up surveillance, there is a player that can turn your phone into a spy tool. Meet the Predator Spyware, a malware allegedly sold to governments worldwide, leaving no one safe.

What Exactly is Predator Spyware?

Predator Spyware is a monitoring software developed by Cytrox, a company established in 2017 in North Macedonia1. The company, then led by CEO Ivo Malinkovski, claims to provide “operational cyber solutions” to governments, including device and cloud data extraction.

Once Predator gains access to your phone, it leaves no data unturned.

From accessing messages and calls to capturing photos and passwords, it does it all. The software can even manipulate your phone into trusting malicious websites and apps, turning your device into a surveillance weapon.

The Origins and Reach of Cytrox

Cytrox was originally a startup, but in 2019, it was acquired by Tal Dilian2, a former commander of the Israel Defense Forces, for under $5 million. The company is a part of Intellexa, an alliance labeled by the University of Toronto’s Citizen Lab as “a marketing label for a range of mercenary surveillance vendors.”

Cytrox’s operations are not confined to North Macedonia; it has a presence in Israel, Greece and Hungary, well, that is at least if we follow the information that has been published online.

Forbes documentary on Intellexa

How Predator Spyware Infects Devices

The main avenue for Predator’s infiltration is through exploiting zero-day vulnerabilities. These are software flaws that even the developers aren’t aware of. A victim receives a seemingly innocent link via email or text, which downloads the malware once clicked.

Why Zero-Day Attacks are a Big Deal

Zero-day vulnerabilities are the holy grail for cybercriminals. They allow attackers to compromise your security even if you’ve updated all your software. These vulnerabilities are the reason why Predator is extremely effective and dangerous.

Incidents and Repercussions

In December 2021, Predator was used to hack Egyptian opposition politician Ayman Nour and an unnamed exiled journalist. This forced Apple to release a software update to close the zero-day exploits. This year, the U.S. Department of Commerce added Cytrox to its Entity List, citing national security risks. In 2022, Al Jazeera reported3 how the Greek government uses spyware like the Predator spyware to monitor journalists.

In an act of corporate responsibility, Meta Platforms banned Cytrox and six other surveillance groups4, removing over 1,500 Facebook and Instagram accounts linked to them.

How to Stay Protected?

Detecting a high-level spyware like Predator is almost impossible for an average person. If you’re suspicious, consulting cybersecurity experts is your best option.

For other potential threats, keep an eye on:

  • Slowed device performance
  • Unexpected pop-up ads
  • Unfamiliar apps or features
  • Issues accessing secure sites
  • Spikes in data usage

Interesting findings

While I was writing this post, I also noticed that the official website leads to a traffic distribution system that leads you to unwanted ads and fake news.

This is what you get when you visit
This is what you get when you visit

When you try to visit (where the R is missing), you will land on a parked domain landing page.

Landing on a parked domain landing page.
Landing on a parked domain landing page.

I continued to see if the Intellexa website is still online, and at the moment of writing, it seems to have been taken offline.

However, when we browse to the LinkedIn page of this company, it still seems to be online.

Protective Measures for Lesser Threats

While Predator is more likely to target high-profile individuals, we shouldn’t ignore the lesser threats. Here are some tips:

  • Use comprehensive cybersecurity tools.
  • Keep your software updated.
  • Be cautious with links and downloads from unknown sources.


  1. ↩︎
  2. ↩︎
  3. ↩︎
  4. ↩︎
Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author

+ There are no comments

Add yours