Pakistan dismissed an Amnesty International report on Thursday that claimed spyware, made by an Israeli company, was being actively used in the country.
According to a senior intelligence official who spoke with Sunrise On condition of anonymity, the report was “complete garbage.”
“There is no iota of truth in this and it is an attempt to defame Pakistan,” he said.
The official was referring to Amnesty International’s investigation, titled “Intellexa Leaks,” which described the story of a human rights lawyer based in Pakistan. The lawyer, according to the report, had approached Amnesty International in the summer of 2025 after receiving a suspicious link on WhatsApp from an unknown number.
Amnesty Security Lab investigated the link and identified it as an attempted Predator attack based on the technical behavior of the infection server. Predator is highly invasive spyware manufactured by the Israeli company Intellexa.
According to Amnesty International, the investigation was based on a combination of highly confidential documents and other leaked company material, including internal company documents, sales and marketing materials, and training videos.
The months-long research was published in collaboration with Inside story in Greece, Haaretz in Israel and WAV Research Collective in Switzerland.
In 2023, Intellexa was fined by the Greek Data Protection Authority for failing to comply with its investigations into the company.
Google has started sending spyware threat notifications to several hundred of its users in several countries, including Pakistan. The accounts were identified as targets of Predator spyware.
How Predator works
Intellexa’s Predator relies on “1-click” attacks to infect a device, requiring a malicious link to be opened on the target’s phone. The malicious link then loads a browser exploit for Chrome or Safari to gain initial access to the device and download the full spyware payload.
Once the spyware is installed, you can access encrypted instant messaging apps like Signal and WhatsApp, audio recordings, emails, device locations, camera screenshots and photos, stored passwords, contacts and call logs. It also activates the device’s microphone.
The spyware then communicates and uploads surveillance data to a Predator backend server physically located in the customer’s country.
All spyware data is first transmitted through a chain of anonymization servers, called the “CNC Anonymization Network” to avoid the risk of operator exposure to the 1-click attack link.
The surveillance company overcame the exposure limitation by using different approaches to trigger the opening of an infection link on the target’s phone, without requiring the target to manually click on the link.
Intellexa also developed a strategic infection vector, ‘Aladdin’, that could enable silent, click-free infections of target devices anywhere in the world. The vector exploits the commercial mobile advertising ecosystem to carry out these infections.
Intellexa is a surveillance company that develops spyware, with Predator as its flagship product, and sells it for use by governments. According to the investigation, investigators were largely unaware of the company’s internal operations.
