
Mercenary Spyware: How Pegasus-Class Tools Actually Work

June 27, 2026 9 min read Haven Team

A category of commercial software exists whose only purpose is to break into a specific person's phone and read everything on it. It is sold to governments, deployed against journalists and activists, and often leaves no trace the target can see. Understanding how it works is the first step to reasoning honestly about who it threatens and who it does not.


"Mercenary spyware" is the term researchers use for surveillance software built and sold by private vendors to government clients. The best-documented example is Pegasus, made by the Israeli firm NSO Group, but it is one product in a crowded market that includes Intellexa's Predator, Cytrox, Candiru, and others. The business model is the same across vendors: license the tool to a state agency, charge by the number of targets, and provide the exploits that get the software onto a device.

The reason this matters beyond the headlines is that mercenary spyware sits at the very top of the threat hierarchy. It is the answer to the question "what can an adversary do if money is no object and the target is one specific person?" Most people are not worth that money. But the people who are, including reporters, opposition figures, and human rights lawyers, need to understand the mechanism rather than the marketing.

What "Zero-Click" Means

Older phone compromises required the target to do something: tap a link, open an attachment, install an app. Defenders could teach people not to click. The defining feature of modern mercenary spyware is that it removed that requirement. A zero-click exploit compromises a device with no interaction from the user at all.

The delivery surface is usually a messaging or media-parsing component that processes incoming data automatically. When your phone receives a message, it may render a preview, decode an image, or parse a file format before you have even looked at the notification. If that parser has a memory-corruption bug, a maliciously crafted message can trigger it. The 2021 FORCEDENTRY exploit documented by Citizen Lab abused Apple's image-rendering code through an iMessage attachment, reaching code execution without a single tap. Apple patched it and later sued NSO Group over it.

The uncomfortable part

Zero-click means user education does not help. There is no link to avoid and no attachment to ignore. The exploit fires while the operating system is doing its normal job of handling an incoming message. This is why "just be careful what you click" is not a defense against this threat class.

The Exploit Chain

A single bug is rarely enough. Modern phones layer their defenses: a parser runs in a sandbox, the sandbox limits what compromised code can reach, and the kernel sits behind further protections. Getting from "I corrupted memory in a message parser" to "I own the whole phone" requires chaining several vulnerabilities together. Each link defeats one layer.

Each of these stages relies on a vulnerability the vendor either found or bought. That is why these tools are expensive and why the underlying bugs trade for large sums on the zero-day exploit market. A working zero-click chain against a current, fully patched phone is among the most valuable things in offensive security.

What the Implant Does Once It Is In

The point of the chain is to install an implant: the software that actually does the spying. Once running with full privileges, it sits below the layer where your encryption lives. This is the critical thing to understand about endpoint compromise and why it defeats end-to-end encryption.

End-to-end encryption protects a message in transit between two devices. It does nothing once the message is decrypted and displayed on a screen, because at that point it is plaintext in the device's memory. An implant with kernel access can read that plaintext directly. It can also turn on the microphone and camera, copy your photos and files, extract your stored credentials, and read your location history. The encryption was never broken. The endpoint was.

A compromised endpoint sees everything you see, because it is sitting where you sit. No messaging protocol, however sound, can protect plaintext from the operating system that is rendering it.

Who Is Actually Targeted

Because each deployment consumes valuable exploits and risks burning them when discovered, mercenary spyware is used selectively. Investigations by Citizen Lab, Amnesty International's Security Lab, and Access Now have documented targets that cluster around a recognizable pattern: investigative journalists, political dissidents, human rights defenders, lawyers representing sensitive clients, and the family members and associates of those people.

If you are not in or adjacent to one of those categories, the realistic probability that a state will spend a six-figure exploit chain on you is low. Honesty about threat models cuts both ways. Overstating personal risk leads to paralysis and wasted effort. Understating the risk for genuinely targeted people leaves them exposed. The right question is not "could this happen to anyone" but "am I the kind of person a state would pay to surveil."

What Realistically Reduces Exposure

No consumer measure makes you immune to a determined state with a fresh exploit chain. But several measures raise the cost, shorten the window, and in some documented cases have blocked specific attacks.

Measure: What it does against this threat

Patch immediately: Most chains rely on bugs the vendor will eventually fix. Installing updates the day they ship closes known links and shortens the operator's window.

Reboot regularly: Some implants are non-persistent and live only in memory. A reboot can evict them, forcing re-infection and another expensive exploit attempt.

Hardened modes: Apple's Lockdown Mode disables the message-rendering and parsing features that zero-click chains abuse. It has blocked real attacks at the cost of convenience.

Hardened devices: GrapheneOS reduces attack surface and adds exploit-mitigation features beyond stock Android for high-risk users.

Compartmentalize: Keeping the most sensitive contacts on a separate, minimal device limits what a single compromise exposes.

For people who believe they may be targeted, the practical step is contact with the organizations that do this work. Access Now runs a Digital Security Helpline, and Citizen Lab and Amnesty's Security Lab investigate suspected infections. These groups can perform forensic analysis that an individual cannot.

Why This Shapes How We Think About Security

Mercenary spyware is a useful clarifier because it forces honesty about the limits of any tool. A messaging app cannot protect you from an adversary who owns your phone. What an application can do is make sure it is not itself the weak link: minimize the metadata it generates, encrypt what it stores at rest so a forensic extraction yields less, and use protocols that are open and auditable rather than asking you to trust a closed claim.

That is the posture we take with Haven. We are honest that no app defeats a compromised endpoint, and we focus on the parts we can actually control: at-rest encryption on the device, minimal metadata, and an open protocol stack you can verify. The goal is to never be the easy part of an attack, while being clear-eyed that the hard threats live below the app.
