Intellexa’s Predator Exploit Chain: New Details Emerge After Google Publishes Samples
ID: a316c1cf-28d7-5fc5-ab48-e325cc92f400
STIX ID: report--a316c1cf-28d7-5fc5-ab48-e325cc92f400
Feed Name: iVerify Blog
Google’s Threat Intelligence release, corroborated by prior analysis from iVerify and partners, details how Intellexa’s Predator spyware used a multi-stage 2023 exploit chain (WebKit, iOS kernel, CoreTrust bypass) to enable remote, persistent infection of iOS devices. The report highlights code-signature evidence (App Store bundle ID com.elanbenami.EnneaApp and Team IDs 5PN8QLT2JN and RUQSQXY3U9) and confirms the CoreTrust bypass technique allowing malicious entitlements. It also warns that Intellexa remains an active, prolific exploiter of mobile zero-days and is abusing advertising/zero-click vectors to evade detection.
