Angolan Journalist Teixeira Candido Targeted with Predator Spyware in Surveillance Campaign
Published
Key Takeaways
- High-Profile Target: Prominent Angolan journalist Teixeira Candido had his phone infected with Predator spyware in May 2024, according to a report from Amnesty International.
- Attack Vector: The infection was triggered when Candido clicked a malicious link in a series of WhatsApp messages, a common social engineering tactic.
- Spyware Used: The attack used Predator, a powerful surveillance tool from the vendor Intellexa, granting the attackers full access to the journalist's device.
Amnesty International has confirmed that a phone belonging to Teixeira Candido, a prominent Angolan journalist and former head of the Syndicate of Angolan Journalists, was compromised with Predator spyware. The report details how Candido was targeted with a series of WhatsApp messages beginning in April 2024.
The Predator spyware attack was successfully executed on May 4, 2024, after he clicked a malicious link embedded in a message. This incident marks the first confirmed use of Predator spyware in Angola.
The Impact of Spyware Targeting Media
The infection gave the attackers complete access to the contents of Candido's phone, the Amnesty International report said. The attackers used a social engineering scheme, posing as students seeking his opinion on a project to build trust and lure him into clicking the malicious link.
The journalist told Reuters he feels exposed, as the incident occurred amid a “tightening” authoritarian environment in Angola under President João Lourenço’s administration. Amnesty International did not attribute this specific attack to a government customer.
Predator spyware can activate the microphone and gain total access to the infected device’s data, including:
- encrypted messaging apps,
- audio recordings,
- emails,
- device locations,
- screenshots,
- photos,
- stored passwords,
- contacts
- call logs
The spyware is designed to leave no traces on the target’s device and “is fundamentally incompatible with human rights,” Amnesty says.
Cybersecurity for Journalists Becomes Critical
The use of commercial spyware, such as Predator, against civil society figures remains a major global concern. Such intrusions outline the significant personal and professional risks posed by spyware targeting media professionals, who often handle sensitive information and communicate with confidential sources.
The Intellexa Consortium, the vendor behind Predator, has previously been sanctioned by the U.S. government for its role in developing and selling invasive surveillance tools. In late 2025, the U.S. Treasury lifted sanctions on executives previously linked to Intellexa and Predator.
Recently, Citizen Lab found indicators of Cellebrite on a personal phone belonging to Kenyan activist Boniface Mwangi, who has repeatedly been jailed for criticizing the government. In another report, Amnesty International confirmed that NSO’s Pegasus spyware was used to target Serbian journalists as recently as February 2025.
Paragon Spyware targeted Italian political consultant Francesco Nicodemo in November 2025. A few months earlier, it also targeted Italian investigative journalists Ciro Pellegrino and Fanpage’s Francesco Cancellato, after Paragon cut ties with the Italian government amid a Graphite scandal.
Recently, the members of a controversial Israeli government inquiry into the police's alleged illicit use of spyware resigned, citing law enforcement hindrance.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular