WhatsApp Exposes Zero-Click Exploit Spyware Campaign Linked to Israeli Firm Paragon
WhatsApp has uncovered a targeted spyware campaign linked to the Israeli firm Paragon Solutions, which affected 90 individuals, including journalists and civil society members. Meta (WhatsApp’s parent company) has taken direct action to notify victims and neutralize the attack.
Key Details of the Attack
- The spyware campaign targeted 90 individuals, including journalists and civil society members.
- Attack vector: Malicious PDF files sent through WhatsApp groups.
- Zero-click exploit: The attack did not require user interaction, meaning victims were infected without clicking any malicious links.
- Paragon Solutions was identified as the perpetrator—an Israeli spyware firm acquired by AE Industrial Partners.
- WhatsApp has since released a security update to mitigate the exploit.
Investigation and Response
- The campaign was independently observed by John Scott-Railton, a senior researcher at The Citizen Lab.
- WhatsApp issued a cease and desist letter to Paragon.
- The attack occurred in December 2024 and affected individuals in over two dozen countries, including Italy.
- WhatsApp collaborated with The Citizen Lab to analyze and investigate the attack.
- WhatsApp has not disclosed whether U.S. citizens were among the victims.
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
Paragon Solutions and Industry Scrutiny
- Paragon Solutions was founded in 2019 and has largely kept a low profile until now.
- Unlike other Israeli spyware firms, such as NSO Group and Intellexa, Paragon had not previously been linked to hacking scandals.
- However, the company gained attention after Wired Magazine reported that it had signed a $2 million contract with the U.S. Immigration and Customs Enforcement (ICE) for homeland security investigations.
WhatsApp’s Previous Battle Against NSO Group
- WhatsApp previously sued NSO Group, another Israeli spyware firm, for exploiting a WhatsApp vulnerability to deploy its Pegasus spyware.
- The Pegasus attack affected at least 1,400 devices, targeting journalists, activists, and government officials.
- NSO Group was later sanctioned by the U.S. government and placed on blacklists.
Broader Implications and Expert Warnings
- John Scott-Railton emphasized that the targeting of journalists and civil society members is a systemic issue in the commercial spyware industry.
- He also warned that government officials could also be at risk from similar attacks.
- Paragon and AE Industrial Partners have not responded to the allegations.
Trending: Offensive Security Tool: XSRFProbe
WhatsApp’s Commitment to Privacy and Security
- WhatsApp remains firm in its stance against spyware companies and is taking legal action to challenge their activities.
- A WhatsApp spokesperson stated:
“This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately.”
Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]
Source: hackread.com
Recent News
Hackers Spoof Microsoft ADFS Login Pages to Steal Credentials and Bypass MFA
Python PyPI Supply Chain Attack: Hackers Hide Malware in Fake DeepSeek Packages
New ‘Browser Syncjacking’ Attack Uses Chrome Extensions for Full Device Takeover
New Aquabot Variant Exploiting Mitel SIP Phones via CVE-2024-41710
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
