Maps
Magazine

WORLD NEWS

Israeli-Made Predator Spyware Detected in Pakistan: Amnesty Investigation
Amnesty International confirms Israeli-made Predator spyware was actively used in Pakistan — first reported case targets Balochistan rights lawyer. Highly invasive tool can access messages, photos & even microphones.
MH
by Muhammad Hashir
2025-12-04
Israeli-Made Predator Spyware Detected in Pakistan: Amnesty Investigation

A months-long global investigation by Amnesty International has revealed that Predator — a sophisticated Israeli-made spyware linked to major human rights violations worldwide — has been actively used in Pakistan. This marks the first known instance of Predator targeting individuals inside the country.

The findings were published on Thursday as part of the “Intellexa Leaks,” a detailed exposé based on leaked internal documents from Intellexa, the Israeli company behind Predator. The spyware is known for its ability to infiltrate phones through highly targeted one-click and potentially zero-click attacks.

First Case in Pakistan

According to Amnesty International, the investigation began when a human rights lawyer from Balochistan contacted the organisation after receiving a suspicious WhatsApp link from an unknown number in mid-2025.

Amnesty’s Security Lab analysed the link and confirmed that its infrastructure and technical behavior matched previous Predator-hosted infection servers. Highly specific characteristics — such as one-time-use infection URLs — aligned with earlier Predator attacks observed in other countries.

This is the first documented case of Predator being deployed against someone in Pakistan, even though Intellexa is based in Israel, a country with which Pakistan has no diplomatic ties.

A Global Investigation

The Intellexa Leaks project is the result of collaboration between Amnesty International, Inside Story (Greece), Haaretz (Israel), and the Swiss-based WAV Research Collective. The leak includes internal company files, sales materials, training videos, and other sensitive documents.

Intellexa declined to respond to Amnesty’s detailed queries about its spyware, operations, and clients. The company had previously been fined by the Greek Data Protection Authority in 2023 for obstructing an investigation into its activities.

Google has also begun issuing spyware alerts to hundreds of users worldwide — including individuals in Pakistan — believed to have been targeted with Predator.

How Predator Operates

Predator infects devices primarily through “1-click” attacks, where victims must click a specially crafted malicious link. Once opened, the link triggers a browser exploit in Chrome or Safari and installs the spyware.

Once activated, Predator can:

  • Access encrypted apps like WhatsApp and Signal
  • Extract audio, emails, location data, photos, and passwords
  • Activate the device's microphone
  • Upload all surveillance data to a locally hosted Predator server

The spyware uses an anonymization chain called the “CNC Anonymization Network” to hide the operator’s identity during attacks.

Intellexa also reportedly developed a newer infection method, code-named “Aladdin,” designed to execute silent, zero-click attacks using mobile advertising networks — meaning the target does not even need to tap a link.

A Shadowy Surveillance Network

Intellexa markets its spyware to governments around the world. However, its internal operations have long remained opaque. The Intellexa Leaks shed unprecedented light on the scale and sophistication of its surveillance capabilities — as well as the global spread of Predator targeting journalists, dissidents, lawyers, and political figures.

For Pakistan, the report raises serious concerns about who acquired the spyware, who deployed it, and how widely it may have been used.
Tagged:

AmnestyInternational

PredatorSpyware

IntellexaLeaks

CyberSurveillance
Share News: