Israeli Firm Paragon Attacks WhatsApp With Zero-Click Spyware


WhatsApp revealed on Friday that a “zero-click” spyware attack, attributed to the Israeli firm Paragon, has targeted scores of users worldwide, including journalists and members of civil society.

The spyware targeted nearly 100 WhatsApp users, including journalists, and required no user interaction such as clicking links or opening attachments, making it particularly insidious.

In a statement, a WhatsApp spokesperson confirmed to Cyber Security News that it had dismantled the attack vector, alerted affected users, and taken steps to notify the public about the breach.

“We disrupted a spyware campaign by Paragon that targeted a number of users, including journalists and other individuals. We have directly contacted those we believe were affected.”

WhatsApp collaborated with Citizen Lab, a renowned cybersecurity watchdog, which provided key insights enabling WhatsApp to reconstruct the attack.

“They can access your encrypted messages, read your chats, view your photos, browse your messages, listen to voice memos, check your notes, access your contacts, and steal your passwords.”

“They can also do things you can’t, like silently activating your microphone to eavesdrop on conversations or turning on your camera.”

“This is the latest example of why spyware companies must be held accountable for their wrongdoing. WhatsApp will continue to protect people’s ability to communicate privately,” John Scott-Railton, a senior researcher at Citizen Lab, said.

Fanpage.it, an Italian newspaper, first reported that its director, Francesco Cancellato, was among the victims of the spyware attack.

The breach targeted over 90 journalists, activists, and members of civil society worldwide. Cancellato confirmed receiving a notification from WhatsApp about the attack on his device.

“Our investigations indicate that you may have received a malicious file through WhatsApp, and the spyware may have accessed your data, including messages saved on your device.”

Cancellato explained that his team, alongside independent analysts, is conducting a detailed analysis to determine the scope of the breach, including what data was accessed and for how long. “We also want to know who ordered this espionage activity,” he said.

The organization has been closely monitoring spyware firms like Paragon, which markets itself as a more ethical alternative to controversial companies like NSO Group, maker of the notorious Pegasus spyware.

Despite claims of operating only within democratic nations and adhering to human rights principles, Paragon’s reputation is now under scrutiny following the WhatsApp revelation.

Paragon’s Push for U.S. Market Entry

Paragon recently positioned itself as a model of ethical conduct in the spyware industry, aiming to secure access to the lucrative U.S. market. However, its ambitions hit a stumbling block late last year when a key contract was paused for review amid national security and human rights concerns.

This review stemmed partly from an executive order issued by the Biden administration to curb the proliferation of commercial surveillance tools. The order required rigorous scrutiny of spyware deals to align with U.S. counterintelligence interests and international human rights commitments.

“Put secret phone hacking technology in the hands of a government that thinks they won’t be caught, and abuses are a matter of when, not if,” noted one cybersecurity expert. Even democracies, they contend, have a long history of surveillance abuse due to weak oversight and inadequate checks and balances.

The news has also sparked concerns about the potential exposure of sensitive information from U.S. officials and allies.

Paragon has yet to comment on WhatsApp’s disclosures. However, the revelation casts a shadow over the company’s operations and could lead to increased scrutiny of the entire spyware industry.

This latest incident highlights the dangers posed by mercenary spyware firms and their unchecked proliferation, reminding governments and tech companies alike of the urgent need for stronger regulations in the surveillance technology marketplace.
