WhatsApp New Spyware Threat : WhatsApp, the widely used messaging app owned by Meta Platforms, has raised the alarm about a new spyware threat linked to an Israeli company called Paragon Solutions. According to a WhatsApp official, the spyware targeted dozens of users, including journalists and civil society members.
On Friday, WhatsApp confirmed it had sent Paragon a cease-and-desist letter following the discovery of the hack. In a statement, the company emphasized its commitment to safeguarding users’ privacy, saying, “We will continue to protect people’s ability to communicate privately.” Paragon, however, has not responded to requests for comment.
The WhatsApp official revealed that the company detected attempts to hack around 90 users. While the official didn’t specify who was targeted, they confirmed that the victims were spread across more than 20 countries, with several located in Europe. The attackers used a particularly sneaky method known as a “zero-click hack,” which involves sending malicious files that don’t require any interaction from the user to compromise their device. This makes the attack extremely hard to detect.
WhatsApp has since managed to stop the hacking campaign and has referred the affected users to Citizen Lab, a Canadian internet watchdog group. The official didn’t explain how WhatsApp identified Paragon as the culprit but noted that law enforcement and industry partners had been informed. Details about these communications, however, were not disclosed. The FBI has not yet commented on the matter.
John Scott-Railton, a researcher at Citizen Lab, pointed out that the discovery of Paragon’s spyware targeting WhatsApp users highlights the growing problem of mercenary spyware. “It’s a reminder that as spyware becomes more widespread, we’re seeing the same concerning patterns of abuse over and over again,” he said.
Companies like Paragon are in the business of selling sophisticated surveillance tools to governments. They often justify their products as crucial for fighting crime and protecting national security. But time and again, these tools have ended up on the phones of journalists, activists, opposition leaders, and even more than 50 U.S. officials. This has led to growing alarm about how easily such invasive technology is being used without proper oversight.
Paragon, which was reportedly bought last month by a Florida-based investment group called AE Industrial Partners, has tried to paint itself as one of the more responsible players in the spyware industry.Its website boasts about providing “ethically based tools, teams, and insights to disrupt intractable threats.” Media reports also suggest that Paragon claims to sell its products only to governments in stable democracies.
But Natalia Krapiva, a senior tech-legal counsel at the advocacy group Access Now, isn’t convinced. She noted that while Paragon has a reputation for being a “better” spyware company, WhatsApp’s recent findings tell a different story. “This isn’t just about a few bad actors—these abuses are built into the very nature of the commercial spyware industry,” she said.
