For a long time, commercial spyware vendors have defended their companies by arguing that they sell their products to government agencies in support of national security and law enforcement, and that the vendors themselves have little control over how their clients use those products. However, at least one vendor's claims are further undermined by recent research. The notorious Predator spyware employs a complex set of anti-analysis features that generate data about unsuccessful deployments that operators can utilize to boost the efficacy of subsequent attacks, according to a blog post published yesterday by mobile security company Jamf.
Additionally, the anti-analysis features imply that Intellexa, the commercial spyware company that owns Predator, has far greater visibility and control over deployments than previously believed.
In their December 2024 study, researchers at Jamf reverse-engineered a sample of the iOS spyware released by Google's Threat Intelligence Group and Citizen Lab.

## How Much Power Do Vendors of Spyware Have?

In addition to the research conducted by Google and Citizen Lab last month, Amnesty International and a number of media outlets, including Inside Story, Haaretz, and WAV Research Collective, jointly released a series of investigative reports based on leaked materials from Intellexa, a group of tech companies that took over Cytrox, the North Macedonian company that developed Predator.
Both the technical specifics of Predator attacks and the inner workings of the commercial spyware company were disclosed in the investigative reports.
Amnesty International claims that Intellexa's ability to remotely access Predator customers' systems, including those situated within the networks of its government clients, was one of the gravest revelations. The degree of visibility and control these vendors have over spyware deployments, which are usually concentrated on mobile devices and communications, is unknown.











