Infection usually starts through malicious links and fake apps, but it is also taking place via “more subtle methods,” says Richard LaTulip, a field CISO at security company Recorded Future, which data-offer-url=”https://www.recordedfuture.com/research/intellexas-global-corporate-web” class=”external-link” data-event-click=”{"element":"ExternalLink","outgoingURL":"https://www.recordedfuture.com/research/intellexas-global-corporate-web"}” href=”https://www.recordedfuture.com/research/intellexas-global-corporate-web” rel=”nofollow noopener” target=”_blank”>collaborated with Google’s threat intelligence team on the Predator spyware findings.
LaTulip cites the example of recent research on data-offer-url=”https://www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/” class=”external-link” data-event-click=”{"element":"ExternalLink","outgoingURL":"https://www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/"}” href=”https://www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/” rel=”nofollow noopener” target=”_blank”>malicious browser extensions affecting millions of users that shows “how seemingly harmless tools can become surveillance devices.”
These techniques, often developed by…
