Predator’s New “Aladdin” Vector Turns Ads Into Malware Traps
A newly documented method of infection for the spyware known as Predator — developed by surveillance-technology firm Intellexa — shows it can now install itself on a target’s device merely by the user viewing a malicious advertisement. This zero-click mechanism, dubbed “Aladdin,” was uncovered as part of a joint investigation by news outlets and security researchers.
According to leaked internal Intellexa documents and corroborating forensic research by analysts at Amnesty International, Google, and Recorded Future, the system uses the global mobile advertising ecosystem to deliver malware. Ads weaponized by Aladdin are served via normal ad networks, often disguised as legitimate content on familiar websites or apps. For a selected target, merely rendering the ad is enough: no clicks, no downloads.
These malicious ads are routed through a complex web of shell companies and ad brokers spread across multiple countries, including Ireland, Germany, Switzerland, Greece, Cyprus, the UAE and Hungary, which makes attribution and blocking much more difficult.
What This Means: A Shift in Spyware Risk & What Users Can Do
This delivery method marks a major evolution in spyware threats. Previously, attacks often required a click, a phishing link, or tricking the user into installing something. With Aladdin, devices can be compromised silently, without any user interaction. Security analysts warn that this dramatically lowers the bar for successful spyware deployment.
Defending against this kind of threat is more challenging, but not impossible. Experts recommend:
- Enabling ad-blockers or script-blocking in browsers and apps.
- Using network-level protections such as VPNs or DNS filters that block known malicious ad infrastructure.
- Keeping operating systems and applications up to date, as some attacks rely on exploiting unpatched vulnerabilities, particularly on mobile platforms.
Additionally, many global spyware operators — including Intellexa — have faced sanctions in recent years, yet evidence suggests that Predator remains active, with its infrastructure evolving to evade detection.
The rise of Aladdin highlights that spyware authors are adapting rapidly — shifting from social-engineering and phishing to automated, stealthy delivery mechanisms. For individuals and organisations concerned about privacy and security, vigilance and layered defense remain essential.