A forensic investigation by Amnesty International has confirmed the first known use of the invasive “Predator” spyware in Angola, targeting one of the country’s most vocal advocates for press freedom.
Teixeira Cândido, a jurist and former Secretary General of the Syndicate of Angolan Journalists (SJA), was successfully hacked in May 2024.
The discovery, detailed in a technical briefing titled Journalism under attack: Predator spyware in Angola, highlights a sophisticated campaign to silence dissent within the Southern African nation.
For Cândido, Securitynewsalert.com heard, the revelation that his digital life was laid bare has fundamentally altered how he navigates the world.
“I feel naked knowing that I was the target of this invasion of my privacy,” Cândido told investigators. “I don’t know what they have in their possession about my life… Now I only do and say what is essential. I don’t trust my devices. I exchange correspondence, but I don’t deal with intimate matters on my devices. I feel very limited.”
The psychological toll of the surveillance has been immediate. Cândido noted that he now avoids discussing personal matters digitally, effectively silencing his private communications.
The breach was executed through a “social engineering” scheme on WhatsApp. Between April and June 2024, an attacker posing as a student interested in Angolan socio-economics spent weeks building rapport with Cândido.
On May 4, 2024, Cândido clicked a malicious link disguised as a news article. According to Amnesty’s Security Lab, this single click allowed the Predator spyware developed by the mercenary firm Intellexa to gain unrestricted access to his iPhone.
While the infection was likely cleared when the phone was restarted later that evening, the attacker continued to send 11 additional malicious links over the following six weeks in failed attempts to re-infect the device.
The Predator spyware is a highly invasive tool capable of accessing encrypted messages, photos, and emails. It can also track real-time GPS locations and activate the device’s microphone to record conversations. Because the software is designed to leave no traces, it makes independent audits of potential abuses nearly impossible.
Despite international sanctions and criminal investigations against Intellexa and its senior executives, the company’s tools remain operational. Similar attacks were documented as recently as 2025 in Pakistan, providing further evidence that the spyware system continues to be sold and used in jurisdictions unknown until now.
The targeting of Cândido comes amid what rights groups describe as a tightening authoritarian environment under President João Lourenço’s administration. Since 2022, Cândido has faced a pattern of intimidation, including unexplained break-ins at his office and harassment.
Amnesty International noted that while the forensic evidence links the attack to Intellexa’s systems, they cannot yet attribute the hack to a specific government customer. However, the organisation stressed that such surveillance is fundamentally incompatible with human rights and has a chilling effect on the ability of journalists to do their work.
