Israeli Spyware ‘Graphite’ Exploits WhatsApp: 0-Click Attack Uncovered

Mar 21, 2025 | News





Citizen Lab Uncovers Advanced Spyware Targeting WhatsApp Users

Cybersecurity researchers at Citizen Lab, a digital rights watchdog based at the University of Toronto, have exposed the use of a highly sophisticated spyware tool named Graphite. Developed by Israeli cybersecurity firm Paragon Solutions, Graphite was deployed to target high-profile individuals, including journalists and human rights activists, by exploiting a zero-day vulnerability in WhatsApp.

Unlike traditional malware, this attack required no user interaction. The spyware was installed via a zero-click exploit, meaning the target’s device was compromised without them having to click a link or open a malicious file. Once installed, the malware granted adversaries unauthorized access to the victim’s phone, raising serious concerns about privacy and digital security.

Attack flow explained (Source: The Citizen Lab)

How the Graphite Spyware Attack Spread Globally

Paragon Solutions, founded in 2019 by figures including former Israeli Prime Minister Ehud Barak, claims to operate within ethical guidelines. However, Citizen Lab’s research suggests otherwise. Their investigation identified spyware servers linked to Graphite operating across multiple countries, targeting individuals in:

  • Italy
  • Israel
  • Canada
  • Cyprus
  • Denmark
  • Australia
  • Singapore

WhatsApp’s parent company, Meta, confirmed that at least 90 users across 24 countries were targeted. Among the most concerning findings was evidence linking Ontario’s Provincial Police (OPP) to the use of Paragon’s spyware, indicating that Canadian law enforcement agencies may have utilized these capabilities.


Forensic Analysis Confirms Spyware Presence in Italy

Italy became a central focus of the investigation after forensic analysis of Android devices revealed the presence of Graphite spyware. Victims included journalist Francesco Cancellato and Mediterranea Saving Humans co-founders Luca Casarini and Dr. Giuseppe Caccia.

Citizen Lab researchers discovered a unique forensic artifact named BIGPRETZEL, which served as a key indicator of Graphite infections. Initially, the Italian government denied involvement but later admitted to having contracts with Paragon Solutions, raising further questions about how and why this spyware was deployed.

Apple and Meta Respond to Security Breach

In addition to WhatsApp users, an iPhone belonging to David Yambio, an associate of previously identified spyware victims, was also targeted. Apple threat notifications and forensic analysis revealed an attempted infection using an undisclosed spyware variant, later patched in iOS 18.

Following Citizen Lab’s report, Meta, Apple, and Google coordinated efforts to mitigate the threat. WhatsApp issued a server-side fix to block the exploit without requiring users to update their apps. Apple also released a security patch to safeguard iPhone users from potential attacks. WhatsApp directly notified affected users, warning:

“If we believe that your device has come under threat, we may notify you about it directly via a WhatsApp chat.”




Ongoing Spyware Threats: NSO Group’s Shadow Looms

This is not the first time an Israeli cybersecurity firm has exploited WhatsApp vulnerabilities. In a previous lawsuit, Meta successfully held NSO Group legally accountable for using its Pegasus spyware to target over 1,400 devices belonging to journalists, activists, and government officials.

Despite this legal setback, NSO Group continued developing new malware based on WhatsApp vulnerabilities. Reports from CyberScoop in November 2024 revealed that NSO Group used an exploit named “Eden,” and after it was disabled, they pivoted to a new attack vector called “Erised,” which remained active until May 2020.

Citizen Lab’s findings reinforce a troubling pattern: Israeli spyware firms persistently exploit WhatsApp vulnerabilities to surveil high-profile individuals, posing a constant threat to digital privacy.


Source: hackread.com
