Amnesty International has revealed that highly invasive Israeli-made spyware was used in an attempted attack on a human rights lawyer in Balochistan, marking the first documented case of Predator spyware detected in Pakistan.
In a new investigation released on Thursday as part of the “Intellexa Leaks,” Amnesty said the lawyer contacted its Security Lab in the summer of 2025 after receiving a suspicious WhatsApp link from an unknown number. Technical analysis showed the link was part of a Predator “1-click” attack attempt, matching infection methods previously seen in Greece and Egypt.
Amnesty said the targeting occurred amid intensifying restrictions on activists and human rights defenders in Balochistan, including frequent internet shutdowns and reports of surveillance of lawyers, journalists and families campaigning against enforced disappearances.
Predator is developed by Intellexa, an Israeli surveillance consortium described by researchers as a “mercenary spyware company.” The spyware has been linked to unlawful surveillance operations in multiple countries, and leaked internal documents offer a rare glimpse into how the system is built, deployed and operated.
According to Amnesty, Predator allows operators to access encrypted messaging apps such as WhatsApp and Signal, emails, stored passwords, photos, audio recordings, device locations and call logs.
It can also activate the phone’s microphone. Once installed, the spyware routes all collected data through a chain of anonymisation servers designed to hide the operator’s identity before sending it to a backend server located inside the customer’s country.
Leaked Intellexa files reviewed by Amnesty and media partners show that the company has developed advanced infection tools, including a system called Aladdin that can silently infect a device through a malicious digital advertisement, without requiring the target to click anything.
Google has separately issued spyware threat notifications to several hundred users across multiple countries, including Pakistan, identifying them as potential Predator targets.
Amnesty said it is continuing to investigate the Balochistan case and will release further findings. The organisation said the attempted attack highlights the expanding digital threat facing civil society in Balochistan, where rights groups say activists and lawyers already operate under intense pressure.
The rights group called for stronger global regulation of commercial spyware and greater protections for vulnerable communities and human rights defenders in high-risk regions.