Journalists Targeted in Major WhatsApp Spyware Campaign

WhatsApp, the messaging platform owned by Meta, has revealed that nearly 100 of its users were targeted by spyware developed by Paragon Solutions, an Israeli-based company specializing in surveillance tools. The targets included journalists and members of civil society, sparking renewed concerns about the use and abuse of spyware technology.

Zero-Click Attack Exploited Group Chats

The attack is believed to have exploited a “zero-click” vulnerability. This type of spyware can infiltrate a device without any user interaction, such as clicking on a suspicious link. In this case, WhatsApp identified a malicious PDF file sent through group chats as the likely infection method.

Once a phone is infected, Paragon’s spyware, called Graphite, can provide full access to the device, allowing attackers to read encrypted messages from apps like WhatsApp and Signal.

Although WhatsApp said it had “high confidence” it had identified and disrupted the attack in December, the company could not confirm who was ultimately behind it. Spyware companies typically sell their tools to government clients, with Paragon reportedly having contracts with 35 such customers worldwide. However, WhatsApp has now sent Paragon a cease-and-desist letter and is evaluating its legal options.

A Growing Pattern of Spyware Misuse

This incident is part of a broader pattern of spyware misuse. Companies like Paragon and the more infamous NSO Group have argued that their tools are intended for national security and crime prevention. However, investigations have repeatedly found that spyware is used to target journalists, activists, and political opponents. Citizen Lab, a digital watchdog at the University of Toronto, assisted WhatsApp by helping to identify the technical details of the attack.

Paragon Solutions, which was reportedly sold to Florida-based AE Industrial Partners for $900 million last year, has not commented on the allegations. The deal is reportedly still pending regulatory approval in Israel, where cyberweapons like Graphite are tightly controlled by the Ministry of Defense.

Fighting for Accountability

This attack comes just weeks after a U.S. judge ruled against NSO Group in a separate spyware case involving WhatsApp. The court found NSO liable for hacking into the app to compromise 1,400 devices and violating U.S. hacking laws. NSO had been placed on a U.S. trade blacklist in 2021 due to concerns over national security and human rights abuses.

The growing misuse of spyware underscores the urgent need for tighter regulations and accountability in the commercial spyware industry. WhatsApp emphasized its commitment to protecting user privacy, stating, “This is the latest example of why spyware companies must be held accountable for their unlawful actions.”

For users, this serves as a reminder to stay vigilant. Even encrypted messaging apps are not invulnerable to sophisticated attacks, especially those supported by well-funded surveillance firms. Platforms like WhatsApp are fighting back, but the global nature of these threats makes a permanent solution elusive.

Cybersecurity experts continue to warn that without stricter international oversight, spyware will remain a danger to privacy, democracy, and the safety of vulnerable communities worldwide.