A newly uncovered zero-click attack method shows that the Predator spyware — built by surveillance firm Intellexa — can now compromise a device simply because the user views a malicious advertisement. No clicks, no downloads, and no interaction of any kind.
The technique, internally referred to as “Aladdin”, was revealed through leaked Intellexa documents and confirmed by forensic research from Amnesty International, Google’s Threat Analysis Group, and Recorded Future. The discovery marks one of the most significant escalations in commercial spyware capability to date.
How Aladdin Weaponises the Global Ad Ecosystem
The Aladdin vector turns everyday online ads into delivery vehicles for malware. The spyware is injected into advertisements served through legitimate ad networks, appearing on normal websites and apps.
When the system identifies a target, the malicious ad is selectively shown to them. The moment the ad loads on their screen, the infection begins — no taps or permissions required.
Investigators found that the infrastructure supporting these attacks is routed through a sprawling chain of shell companies and intermediaries in Ireland, Germany, Switzerland, Greece, Cyprus, the UAE and Hungary, making attribution and takedown extremely difficult.
A New Phase in Spyware Evolution
Historically, spyware attacks relied on social engineering: phishing links, fake apps, or tricking users into enabling installations. The Aladdin method represents a shift toward automated, invisible compromise, dramatically lowering the skill barrier and increasing potential attack scale.
Security researchers warn that this mirrors a broader trend: commercial spyware vendors are moving away from user-triggered exploits toward silent delivery systems that exploit browser and OS vulnerabilities in real time.
What Users and Organisations Can Do
While defending against this level of sophistication is difficult, experts recommend layered precautions:
Using reputable ad-blockers or script-blocking tools in browsers.
Deploying network-level protections such as DNS filters or secure gateways that can intercept malicious ad traffic.
Ensuring frequent OS and app updates, as zero-day exploits often rely on unpatched systems.
Strengthening mobile threat defence in enterprise environments, especially for high-risk roles like journalists, diplomats, executives and political figures.
Despite sanctions imposed on Intellexa and related companies, Predator remains active and is adapting rapidly. The rise of Aladdin underlines a simple reality: spyware authors are shifting to scalable, stealth-based attack models, and traditional user-awareness-based defences are no longer enough on their own.
