- Allegations of Israeli Predator spyware use in Pakistan are misleading: Security sources
- Amnesty International’s ‘Intellexa Leaks’ report claims human rights lawyer targeted via WhatsApp link
- Predator spyware reportedly capable of accessing encrypted apps, device data, and microphone
ISLAMABAD: Pakistan on Thursday firmly rejected claims made in a report by Amnesty International, alleging the use of Israeli-manufactured spyware in the country, calling the report an “attempt to malign Pakistan.”
According to security sources, “There is not an iota of truth in it, and all such reports are as baseless and misleading.”
The Amnesty International investigation, titled “Intellexa Leaks,” focused on the case of a human rights lawyer in Pakistan who reportedly received a suspicious link on WhatsApp from an unknown source during the summer of 2025. Amnesty’s Security Lab analyzed the link and identified it as a potential Predator spyware attack attempt. Predator is an advanced surveillance software developed by the Israeli company Intellexa.
The investigation was conducted over several months and relied on a combination of leaked internal company documents, sales and marketing materials, and training videos. It was published in collaboration with Inside Story (Greece), Haaretz (Israel), and WAV Research Collective (Switzerland).
In 2023, Intellexa was fined by the Greek Data Protection Authority for failing to cooperate with regulatory investigations. Google also reportedly issued spyware threat alerts to hundreds of users worldwide, including in Pakistan, identifying potential Predator targets.
According to Amnesty International, Predator uses “1-click” attacks, which require a malicious link to be opened on a target device. Once activated, the spyware exploits browser vulnerabilities in Chrome or Safari, installs the payload, and gains access to encrypted messaging apps like Signal and WhatsApp, emails, device locations, call logs, contacts, screenshots, and the camera and microphone. Data collected is uploaded to a Predator backend server, first routed through the company’s CNC Anonymization Network to protect operators.
The report also highlighted Intellexa’s “Aladdin” infection vector, capable of performing silent zero-click infections via the commercial mobile advertising ecosystem, allowing targets to be compromised without interaction.
Intellexa, according to the report, develops and markets Predator primarily for government use. The company’s internal operations, the report notes, remain largely opaque to researchers and regulators.
Pakistan’s intelligence official reaffirmed that the claims linking the country to Predator spyware activity are completely unfounded and dismissed the report as an attempt to tarnish Pakistan’s image on the global stage.
