Pakistan rubbished an Amnesty International report on Thursday which claimed that a spyware, manufactured by an Israeli company, was actively being used in the country.
According to a senior intelligence officer, who spoke to Dawn on condition of anonymity, the report was “complete rubbish”.
“There is not an iota of truth in it and it is an attempt to malign Pakistan,” he said.
The official was referring to the Amnesty International investigation, titled “Intellexa Leaks”, which described the story of a human rights lawyer based in Pakistan. The lawyer, according to the report, had approached Amnesty International in the summer of 2025 after receiving a suspicious link on WhatsApp from an unknown number.
Amnesty Security Lab investigated the link and identified it as a Predator attack attempt based on the technical behaviour of the infection server. Predator is a highly invasive spyware manufactured by the Israeli company Intellexa.
According to Amnesty International, the investigation was based on a combination of highly sensitive documents and other material leaked from the company, including internal company documents, sales and marketing materials, and training videos.
The months-long investigation was published in collaboration with Inside Story in Greece, Haaretz in Israel, and WAV Research Collective in Switzerland.
In 2023, Intellexa was fined by the Greek Data Protection Authority for failing to comply with its investigations into the company.
Google started sending spyware threat notifications to several hundred of its users across various countries, including Pakistan. The accounts were identified as Predator spyware targets.
How Predator works
Intellexa’s Predator relies on “1-click” attacks to infect a device, which require a malicious link to be opened in the target’s phone. The malicious link then loads a browser exploit for Chrome or Safari to gain initial access to the device and download the full spyware payload.
Once the spyware is installed, it can access encrypted instant messaging apps like Signal and WhatsApp, audio recordings, emails, device locations, screenshots and camera photos, stored passwords, contacts, and call logs. It also activates the device’s microphone.
The spyware then communicates with, and uploads surveillance data to, a Predator backend server physically located in the customer’s country.
All data from the spyware is first relayed through a chain of anonymization servers, termed the “CNC Anonymization Network” to prevent the risk of exposure for the operator with the 1-click attack link.
The surveillance company overcame the limitation of exposure by using different approaches to trigger the opening of an infection link on the target’s phone, without requiring the target to manually click the link.
Intellexa also developed a strategic infection vector, ‘Aladdin,’ which could enable silent zero-click infections of target devices anywhere in the world. The vector exploits the commercial mobile advertising ecosystem to carry out these infections.
Intellexa is a surveillance company that develops spyware, with Predator as its signature product, and sells it for use by governments. According to the investigation, the company’s internal operations remained largely unknown to researchers.
