WhatsApp Says Some Users Targeted by Israeli Spyware Paragon

 

WhatsApp says that civil society workers and journalists on its platform were the targets of hacks by the Israeli spyware company Paragon Solutions.

A company official told Gizmodo that WhatsApp had detected the hacking attempts in December and closed down the attack vector. WhatsApp believes around 90 users of the platform were targeted by a malicious PDF file that could be sent to a group chat and would automatically download itself onto the victim’s phone, infecting it with spyware that potentially granted the operator broad access to the device beyond just WhatsApp. The company, which is owned by Meta, sent Paragon a cease-and-desist letter.

“WhatsApp has disrupted a spyware campaign by Paragon that targeted a number of users including journalists and members of civil society,” the spokesperson said. “We’ve reached out directly to people who we believe were affected. This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately.”

The revelation comes a month after WhatsApp won a lawsuit against another Israeli spyware company, NSO Group, that reverse-engineered the popular messaging app in order to install malware on the phones of at least 1,400 human rights activists, diplomats, attorneys, journalists, and other hacking targets. The case was the first time that a court held a spyware firm liable for breaking U.S. law.

Paragon Solutions is headquartered in Tel Aviv, Israel but has an office in Virginia. An American venture capital firm, AE Industrial Partners, purchased the company for as much as $900 million in December, according to Israeli media reports.

That acquisition came shortly after Paragon entered into a one-year, $2 million contract with Homeland Security Investigations, a branch of Immigration and Customs Enforcement (ICE) for its flagship spyware product Graphite.

That deal was quickly criticized by civil society groups, who said that it likely violated a 2023 executive order issued by former President Joe Biden banning federal departments from purchasing spyware products that pose “significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person.”

It was not immediately clear who was behind the most recent hacking attempts that WhatsApp disclosed.