WhatsApp exposes spyware targeting journalists, some users by Israeli firm

WhatsApp, owned by Meta, has reported that nearly 100 journalists and civil society members using its platform were targeted by spyware developed by Paragon Solutions, an Israeli cybersecurity firm. The Guardian reported on Friday that WhatsApp informed the affected users and expressed "high confidence" that some devices had been compromised by the attacks.

The identity of the entity behind the hacking remains unclear. Paragon Solutions, like other spyware companies, sells its technology to government clients, but WhatsApp has not identified which governments or agencies were responsible for this particular attack. Security experts noted that this was a "zero-click" attack, meaning the victims did not need to click on anything for their phones to be infected. WhatsApp did not disclose the locations of the targeted individuals.

Paragon Solutions has been scrutinised for a reported $2 million contract with the U.S. Immigration and Customs Enforcement (ICE). According to Wired, the contract was paused to ensure compliance with a Biden administration rule that restricts the use of spyware. WhatsApp stated it had sent Paragon a legal notice demanding it cease the alleged attacks and mentioned that it had blocked the spyware in December, though it remains unclear how long users were at risk.

Paragon did not comment on the allegations, but the report cited a source close to the company saying that that it only collaborates with democratic governments and does not sell to countries with a history of spyware abuse, such as India, Greece, Poland, Hungary, and Mexico.

Paragon’s spyware, named Graphite, is similar to Pegasus, the notorious hacking tool developed by NSO Group. Once installed, Graphite can access all data on a target’s phone, including encrypted messages on WhatsApp and Signal. Paragon was founded by former Israeli Prime Minister Ehud Barak and was recently sold to U.S. private equity firm AE Industrial Partners for $900 million, though the sale is still pending approval from Israeli regulators.

WhatsApp suspects that Paragon’s spyware spread through malicious PDF files sent to users in group chats. The company has been working with researchers at the Citizen Lab at the University of Toronto to investigate the attack. This incident follows WhatsApp's ongoing legal battle against NSO Group, with a US judge recently ruling that NSO was liable for hacking 1,400 WhatsApp users in 2019, violating US hacking laws and WhatsApp’s terms of service.