Citizen Lab teamed up with the threat-intel team at Facebook parent company Meta to expose Cytrox alongside a handful of PSOAs (private sector offensive actors) in the murky surveillance-for-hire industry.

In a detailed technical report published late Thursday, Citizen Lab said Cytrox is responsible for a piece of iPhone eavesdropping malware that was planted on phones belonging to two notable Egyptians.

The malware, called Predator, was able to infect the then-latest iOS version (14.6) using single-click links sent via WhatsApp.