WhatsApp has recently uncovered and disrupted a sophisticated spyware campaign targeting approximately 90 journalists and civil society members across more than 20 countries. The attack, neutralized in December 2024, utilized spyware developed by Israeli firm Paragon Solutions.

The zero-click attack reportedly employed specially-crafted PDF files distributed through WhatsApp group chats, requiring no user interaction for deployment. WhatsApp has contacted affected users, expressing “high confidence” that their devices were potentially compromised.

Paragon Solutions, recently acquired by U.S. investment group AE Industrial Partners for $500 million, develops surveillance software called Graphite. The company markets itself as providing “ethically based tools” for government clients to combat digital threats. Notably, the U.S. Drug Enforcement Administration (DEA) has previously used Graphite for counternarcotics operations.

In response, WhatsApp has:
– Issued a cease-and-desist letter to Paragon
– Notified affected users with security guidance
– Considers additional legal actions

This incident follows WhatsApp’s recent legal victory against NSO Group regarding the Pegasus spyware case, where 1,400 devices were compromised in 2019. While the perpetrators behind this latest campaign remain unknown, WhatsApp emphasizes its commitment to protecting user privacy and holding spyware companies accountable for unlawful actions.