A hacking attempt that targeted about 90 users, including journalists and civil society representatives, was stopped by WhatsApp.
Malicious PDF files distributed over WhatsApp groups were used in the attack, which has been linked to the Israeli spyware company Paragon. A WhatsApp representative attested to the fact that impacted users had been informed and that precautions had been made to avoid future occurrences of this kind.
Zade Alsawah, a representative for WhatsApp, stated: “We’ve reached out directly to people who we believe were affected. This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately.”
The American private equity fund AE Industrial purchased Paragon in December; the company has not responded to the accusations. According to WhatsApp, a cease-and-desist letter was delivered to Paragon in reaction to the December hack.
Senior researcher John Scott-Railton of Citizen Lab attested to the fact that his group had been looking into the hacking campaign. He pointed out that Paragon’s spyware had employed the precise attack technique that WhatsApp had discovered.
Continuing, for the first time, Paragon has been openly connected to this kind of cyberattack. Paragon has mostly stayed out of the news, in contrast to other spyware companies like Intellexa and NSO Group, both of which have been subject to fines and judicial scrutiny. But the new information calls into question its standing as a more subdued player.
Also read: https://brandspurng.com/2025/02/04/google-appeals-to-u-s-courts-ruling-on-its-app-modification/
According to Natalia Krapiva, Access Now’s Senior Tech-legal Counsel: “For some time, Paragon has had the reputation of a ‘better’ spyware company not implicated in obvious abuses, but WhatsApp’s recent revelations suggest otherwise.
“This is not just a question of some bad apples—these types of abuses are a feature of the commercial spyware industry,” Krapiva added.
BrandSpur digital news platform reports that as of now, neither the identities of the individuals targeted nor the full scope of the attack are known. In the course of tracking and thwarting spyware threats on its network, WhatsApp has informed law enforcement and industry partners about the occurrence.
