Spyware hidden in online ads

European consortium Intellexa is thought to have developed new spyware that is installed after clicking on a targeted ad.

On April 11, 2024, the Israeli newspaper Haaretz published an investigation into Aladdin, a new spyware program developed by European consortium Intellexa. The spyware could potentially infect Android and iOS smartphones after a simple click on a targeted ad online. Greek and Israeli journalists were able to access internal documents of Intellexa, including a demonstration on how to infect a target with Aladdin.

The firm cites examples of malicious ads, capable of “targeting graphic designers, activists, with job opportunities,” reads the investigation by Haaretz. However, journalists do not know whether Intellexa is done developing Aladdin and, more importantly, if the consortium has sold it to State actors.

Led by a former Israeli intelligence officer, Tal Dilian, Intellexa is a conglomerate of European companies specializing in spyware. The French firm Nexa is one of its pillars. Aside from the information on Aladdin, the documents examined in the investigation contain a sales pitch to a customer, listing all of the consortium’s spyware programs.

Haaretz journalists also spotted a document in which Intellexa sets limits on how customers can use their software, a “first” in this sort of matter. Furthermore, the conglomerate outlines a legal framework for these uses. Journalists see these precautions as a reaction to the scandals that have tainted Intellexa. Indeed, State governments used Predator, a spyware program marketed by the consortium, to illegally spy on opponents and activists, particularly in Greece.