KEY POINTS
- A prominent Angolan journalist’s phone was secretly infected with Predator spyware in 2024.
- The infection stemmed from a harmful link sent via messaging app, granting full device access.
- Amnesty International’s report marks the first documented use of Predator spyware against media in Angola.
A leading Angolan journalist and media figure had his personal smartphone infected with advanced surveillance software in May 2024, according to a new report by Amnesty International released this week.
The target, Teixeira Cândido, previously led the Syndicate of Angolan Journalists, one of the country’s most prominent press freedom organizations. The spyware incident represents a rare confirmed case of Predator software being used against a civil society actor in Angola.
Amnesty’s analysis indicates that the attack began in April 2024 when Cândido received a sequence of messages via a popular messaging platform. One message contained a malicious link. Investigators believe that when Cândido clicked the link, Predator spyware was activated and quietly installed itself on his device.
Once the spyware was operational, whoever controlled it could access almost all contents of the phone. That access reportedly included stored communications, files, and other private information, although Cândido said he does not know what was accessed or extracted.
Predator is a powerful commercial spyware tool developed by cybersecurity firm Cytrox. It is designed to infiltrate both Android and iOS devices using sophisticated exploit techniques, offering attackers extensive remote control over compromised devices.
Amnesty International’s Security Lab, which conducted the forensic examination of Cândido’s device, said this represents the first publicly documented use of Predator spyware in Angola. The organization did not identify who purchased or deployed the software against him.
Cândido told Reuters in an email that the experience left him feeling exposed and vulnerable. “I feel exposed, as if I were taking a shower with the bathroom door wide open,” he said, emphasizing that he still does not know the identity of the attackers or their motives.
Efforts by Reuters to reach a representative of the spyware’s maker for comment were unsuccessful. A lawyer connected to the company did not reply to requests for comment, the report said.
Commercial spyware like Predator has been linked to a range of privacy abuses in recent years. Digital security researchers and U.S. officials have previously accused tools such as Predator of facilitating intrusive surveillance by government clients, human rights groups, and other operators.
In many cases around the world, victims of commercial spyware are unaware of the breach until forensic teams uncover the infection. Amnesty’s findings in this case were based on detailed analysis of the phone’s software behavior and indicators of compromise.
Journalists, human rights defenders, and political dissidents are frequent targets of high-end digital surveillance because their work often challenges powerful interests or exposes sensitive information. Digital rights advocates argue that such spyware can chill free expression and undermine media independence when used against members of the press.
Spain’s legal and policy response to commercial spyware has been evolving, with debates over how these tools should be regulated and controlled. In late 2025, U.S. authorities removed several executives from a sanctions list associated with the spyware maker, noting steps claimed to separate them from the controlling consortium. It remains unclear how that action affects the broader use or sale of Predator software.
Predator spyware has been tied to global surveillance campaigns in multiple countries, and researchers have documented instances where political figures, journalists, and activists were covertly monitored without consent. Before the Angola case, Predator was identified in other incidents, including in Europe, where investigative journalists and politicians were compromised.
Online privacy experts say commercial spyware like Predator thrives in legal gray zones, often sold to governmental or quasi-governmental entities with limited transparency. Without strong oversight or clear attribution, victims and civil liberties groups are left searching for answers and accountability after the fact.
Amnesty’s report on Cândido’s case may reinforce wider calls for tighter international controls on the export and use of intrusive surveillance technologies. Advocates argue that states should enforce stricter safeguards to prevent misuse against journalists and human rights defenders.
For now, the diplomatic and legal ramifications of this specific event remain uncertain. Cândido and digital rights organizations continue to push for clarification on who targeted his phone and why, framing the episode as part of a broader fight to defend press freedom and digital security in Angola and beyond.
