Intellexa Leaks: Pakistan Denies Use of Israeli ‘Predator’ Spyware

Pakistan has firmly dismissed claims regarding the use of Israeli spyware within its borders. Reportedly, a senior intelligence officer rejected the findings of a new Amnesty International report on Thursday. Speaking on condition of anonymity, the official termed the report an attempt to malign Pakistan. The officer stressed that there is not an iota of truth in it.

The denial responds to the “Intellexa Leaks” investigation published by Amnesty International. The report details the story of a Pakistan-based human rights lawyer. According to the investigation, the lawyer approached Amnesty in the summer of 2025. They had received a suspicious link on WhatsApp from an unknown number.

Amnesty Security Lab analysed the link. They identified it as a Predator attack attempt based on the infection server’s technical behaviour.

Intellexa: The Tech Behind the Threat

Predator is a highly invasive spyware manufactured by the Israeli surveillance company, Intellexa. The firm sells its products specifically for government use.

According to the report, Intellexa’s Predator primarily relies on “1-click” attacks. This method requires the target to open a malicious link on their phone. The link loads a browser exploit for “Chrome” or “Safari”. Consequently, the tool gains access to the device and downloads the full spyware payload.

However, the threat evolves beyond simple links. Intellexa also developed a strategic vector called “Aladdin”. This mechanism enables silent “zero-click” infections. It exploits the commercial mobile advertising ecosystem to infect devices worldwide without any user interaction.

Invasive Surveillance Capabilities

Once Predator infects a phone, it bypasses standard security measures. The spyware accesses encrypted messaging apps like “Signal” and “WhatsApp”. It can also retrieve emails, call logs, stored passwords, and contacts.

Furthermore, the software turns the device into a monitoring tool. It activates the microphone, records audio, tracks real-time locations, and captures screenshots or camera photos.

The investigation reveals that the spyware uploads this surveillance data to a backend server. This server is physically located in the customer’s country. To hide the operator’s identity, data is relayed through a “CNC Anonymization Network.”

Global Context & Warnings

The “Intellexa Leaks” investigation involved collaboration with Inside Story (Greece), Haaretz (Israel), and WAV Research Collective (Switzerland). It relied on leaked internal documents, marketing materials, and training videos.

This is not the first red flag regarding Intellexa. In 2023, the Greek Data Protection Authority fined the company for failing to comply with investigations.

Additionally, Google has started sending spyware threat notifications. The tech giant alerted several hundred users across various countries, including Pakistan. These notifications explicitly identified the accounts as targets of Predator spyware.