Predator spyware used to infect phone belonging to Angolan journalist, report says

Steven

Predator spyware used to infect phone belonging to Angolan journalist, report says

Summary

Amnesty International’s report says a prominent Angolan journalist and press freedom advocate, Teixeira Cândido, had his iPhone infected with Predator spyware in May 2024 — the first documented Predator case in Angola. The infection followed WhatsApp messages from an unknown Angolan number; Cândido clicked a malicious link on 4 May and Predator was installed, though it was removed when the phone was restarted that evening. Subsequent infection links sent by the attacker failed because they weren’t opened.

Forensic traces and known Predator domains in the links led Amnesty to attribute the attack to the Intellexa Consortium’s Predator tool. The report highlights that Predator continues to be used despite Intellexa being placed on the US Entity List in July 2023 and certain executives being sanctioned in 2024. Amnesty has also documented Predator-linked targeting in other countries, including a 2025 case in Pakistan.

Author’s take (punchy): This isn’t just another hack story — it’s proof that powerful commercial spyware keeps turning up against journalists and lawyers even after sanctions. Read the details if you care about press freedom or digital security.

Key Points

  • Amnesty found Predator spyware on Angolan journalist Teixeira Cândido’s phone following a malicious WhatsApp link clicked on 4 May 2024.
  • The infection was short-lived — the spyware was removed when the phone was restarted — but later links attempted by the attacker showed persistent targeting.
  • Forensic evidence and known Predator infection domains tied the attack to the Intellexa Consortium’s Predator tool.
  • Intellexa has been placed on the US Entity List (July 2023) and had executives sanctioned in 2024, yet Predator use continues internationally.
  • The attack used social engineering: the attacker impersonated a student, built rapport, then sent links disguised as news or genuine sites.
  • Amnesty has reported other Predator-linked incidents, including a December 2025 finding of targeting in Pakistan.

Why should I read this?

Because this story shows how commercial spyware keeps slipping through the cracks — even after sanctions. If you follow journalism safety, state surveillance or digital privacy, the piece explains who was hit, how they were tricked (WhatsApp links and social engineering) and why these tools still matter globally. It’s short, sharp and worth your two minutes.

Source

Source: https://therecord.media/predator-spyware-used-to-infect-phone-angola-journalist