Citizen Lab said in a blog post that recent attempts to hack former Egyptian lawmaker Ahmed Altantawy involved configuring his connection to the Vodaphone Egypt mobile network to automatically infect his devices with the Predator spyware if he visited certain websites not using the secure HTTPS protocol.

Citizen Lab had previously identified Egypt as a customer of Predator’s maker, Cytrox, and determined that Altantawy’s phone was successfully hacked with it in 2021 in a separate incident.

Citizen Lab also previously documented Predator infections affecting two exiled Egyptians, and in a joint probe with Facebook determined that Cytrox had customers in countries including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia and Serbia.

Altantawy, a former journalist and lawmaker, announced in March his bid to challenge incumbent President Abdel Fatah el-Sissi in 2024, who has overseen a sharp crackdown on political opposition.

Apple offers lockdown mode for iPhone users at high risk of being targeted with spyware, who include human rights activists, journalists and opposition politicians in countries like Egypt.

In July, the U.S. added Predator’s maker, Cytrox, to its blacklist for developing surveillance tools deemed to have threatened U.S. national security as well as individuals and organizations worldwide.

Saved 64% of original text.