Meta’s WhatsApp announced the disruption of a zero-click spyware campaign targeting around 90 journalists and civil society members. The attack was attributed to Paragon Solutions, an Israeli company that provides surveillance software to government clients. The spyware was deployed without any user interaction and is suspected to have been delivered through a malicious PDF file sent to individuals added to WhatsApp group chats.
The targeted individuals were located across more than two dozen countries, including several in Europe. WhatsApp reached out to the affected users and provided them with information on how to protect their communications.
The company also sent a “cease and desist” letter to Paragon Solutions and is considering further actions in response to the misuse of its technology.
This is the first confirmed case where WhatsApp has linked its infrastructure to spyware exploitation. The development follows a previous case involving NSO Group’s Pegasus spyware, which was used to target 1,400 devices. Meta has repeatedly emphasized its commitment to protecting users’ privacy and stated that spyware companies must be held accountable for their unlawful actions.
Paragon Solutions, the creator of the Graphite spyware, was recently acquired by a U.S.-based investment group. The spyware had previously been used by the U.S. Drug Enforcement Administration for counternarcotics operations. The news of this campaign coincides with other high-profile developments, including the arrest of former Polish Justice Minister Zbigniew Ziobro over alleged use of Pegasus spyware against opposition leaders.
Pegasus is a highly sophisticated spyware that targets Android and iOS mobile devices, developed by the Israeli NSO Group. The malware is offered for sale, mostly to government-related organizations and corporations.
The malware infects its targets by several means: spear-phishing SMS messages that contain a malicious link or URL redirect, delivery without any action required from the user (“Zero Click”), and more.
The app features multiple spying modules such as screenshot taking, call recording, access to messaging applications, keylogging and browser history exfiltration.