WhatsApp has accused Israeli spyware company Paragon Solutions of targeting nearly 100 journalists and civil society members using its sophisticated spyware, Graphite.
The attacks, reportedly carried out using zero-click methods, have raised fresh concerns about the misuse of commercial surveillance tools and the lack of accountability within the industry.
According to a report by The Guardian, WhatsApp has "high confidence" that around 90 users, including journalists and activists, were targeted and possibly compromised.
Elon Musk's DOGE commission gains access to sensitive Treasury payment systems: AP sources
The company did not disclose the locations of the affected individuals but confirmed that they had been notified of the potential breach. WhatsApp has also sent a cease-and-desist letter to Paragon and is considering legal action against the firm.
Zero-Click Attack and Full Device Access
Graphite, Paragon’s spyware, is reportedly capable of infiltrating a device without requiring any interaction from the victim, making it a particularly dangerous tool for surveillance. Once installed, the software provides complete access to the infected phone, including the ability to read messages sent through encrypted apps such as WhatsApp and Signal.
While the identity of those behind the attacks remains unknown, Paragon Solutions is known to sell its software to government clients. A source close to the company claimed that it has 35 government customers, all of which are democratic nations.
Texas Governor orders ban on DeepSeek, RedNote for government devices
The source further stated that Paragon avoids doing business with countries that have previously been accused of spyware abuse, such as Greece, Poland, Hungary, Mexico, and India.
Growing Scrutiny of Spyware Industry
The incident has intensified scrutiny of the commercial spyware industry. Natalia Krapiva, a senior tech legal counsel at Access Now, commented on the matter, stating, "This is not just a question of some bad apples — these types of abuses are a feature of the commercial spyware industry."
While Paragon had been perceived as a relatively less controversial spyware provider, WhatsApp’s revelations have called that perception into question.
This development follows a recent legal victory for WhatsApp against NSO Group, another Israeli spyware maker. In December, a California judge ruled that NSO was liable for hacking 1,400 WhatsApp users in 2019, violating US hacking laws and the platform’s terms of service.
Italy blocks access to the Chinese AI application DeepSeek to protect users' data
In 2021, NSO Group was also added to the US commerce department’s blacklist due to activities deemed contrary to US national security interests.
WhatsApp’s Response and Future Security Measures
WhatsApp has not disclosed how long the targeted users may have been under surveillance but confirmed that the alleged attacks were disrupted in December. The company is now working to support affected users and reinforce its security measures to prevent future breaches.
As concerns over spyware misuse continue to grow, this latest revelation underscores the need for stricter regulations and international cooperation to curb the abuse of surveillance technologies.