TLDR
Same family of mercenary spyware (Intellexa Predator, FinFisher FinSpy, Hermit) targets Android via zero click or 1 click exploits — often delivered via SMS link or maliciously crafted MMS. Multiple 2024 reports of activists in Italy,...
How it works
Same family of mercenary spyware (Intellexa Predator, FinFisher FinSpy, Hermit) targets Android via zero click or 1 click exploits — often delivered via SMS link or maliciously crafted MMS. Multiple 2024 reports of activists in Italy,...
Red flags
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What to do
- 1Multiple 2024 reports of activists in Italy, France, US targeted.
- 2DO: factory reset on suspicion + reflash OEM stock; switch to GrapheneOS for high risk roles; never tap unknown SMS links; enable Google Advanced Protection.
- 3IF VICTIM: do not reset — preserve device for forensic (Amnesty Tech MVT), report Citizen Lab.
Source
FAQ
Is Android equivalent — Predator / FinSpy / Hermit zero click against journalists a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What should I do first?
Multiple 2024 reports of activists in Italy, France, US targeted.; DO: factory reset on suspicion + reflash OEM stock; switch to GrapheneOS for high risk roles; never tap unknown SMS links; enable Google Advanced Protection.; IF VICTIM: do not reset — preserve device for forensic (Amnesty Tech MVT), report Citizen Lab.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.