Predator Spyware Uses Zero-Click Infection via Ads

The Predator spyware from Intellexa uses a zero-click infection mechanism called 'Aladdin,' which compromises targets by viewing malicious advertisements. This infection vector is hidden behind shell companies spread across multiple countries. The mechanism leverages the commercial mobile advertising system to deliver malware, forcing weaponized ads onto specific targets identified by their public IP address and other identifiers. The ads trigger redirections to Intellexa’s exploit delivery servers, funneled through a complex network of advertising firms. Defending against these malicious ads is complex, but blocking ads on the browser and hiding the public IP from trackers are potential defense measures.