Paragon spyware campaign targeting journalists disrupted by WhatsApp
WhatsApp says Paragon deployed spyware targeting journalists
- WhatsApp has accused spyware company Paragon of targeting journalists
- The encrypted messaging app disrupted the campaign in December 2024
- A cease-and-desist letter has been issued to Paragon by WhatsApp
WhatsApp has revealed it has disrupted a spyware hacking campaign targeting journalists and prominent members of civil society.
The spyware in question belongs to Paragon, a commercial spyware company founded by former Israeli intelligence officers, which Meta-owned WhatsApp has directly implicated in the campaign.
WhatsApp says about 90 of its users were targeted with malicious PDF files. The victims have been notified of the attempt, and a cease-and-desist letter has been issued to Paragon.
Paragon caught targeting journalists
According to WhatsApp, the campaign was discovered in December 2024. It did not require users to open the PDF attachment, making it a ‘zero-click’ deployment method.
“This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately,” WhatsApp spokesperson Zade Alsawah said (via TechCrunch).
WhatsApp has not said where the victims of the campaign were based, and was unable to determine when the campaign started.
In 2024, US Immigration and Customs Enforcement (ICE) signed a $2 million, one-year contract with Paragon that included a “fully configured proprietary solution including license, hardware, warranty, maintenance and training,” federal documents say.
While this is the first time Paragon has been implicated in a spyware campaign, numerous other commercial spyware developers have been involved in illegal operations.
Israeli spyware company NSO Group is currently in the crosshairs of a Polish government investigation into the deployment of the Pegasus spyware on thousands of opposition government devices.
In early 2024, WhatsApp won a federal court battle to be able to view the source code of NSO Group’s Pegasus spyware after the company was accused of deploying the spyware on 1,400 mobile devices over a two-week period in 2019.
“Based on Meta’s notification, this spyware campaign was another precise attack targeting individuals with highly valued access or contacts,” noted Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf. “When spyware does hit, it is often a sophisticated threat that uses advanced techniques to maintain persistence.”
“Meta should be praised for proactively issuing a warning about the attack. Encouraging transparency and the safe sharing of breach details will be critical to properly addressing the threat posed by spyware. We recommend that individuals who believe their device could be compromised enable preventative security features such as Lockdown Mode for iPhone users as well as keeping their devices on the latest version of the operating system,” Boynton said.
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.