HQ/EMEAFind out how we can help your business
WhatsApp recently disclosed that it prevented a malware campaign that targets journalists and civil society members.
Reports stated that the campaign targeted at least 90 members of the group. Moreover, the threat actors utilised an alleged spyware produced by an Israel-based company dubbed Paragon Solutions.
The messaging platform claimed it had contacted affected users, indicating that it was highly confident that most of them had been targeted and possibly compromised by the campaign. However, it is unclear who was behind the campaign or how long it lasted.
The WhatsApp spyware attack uses a zero-click strategy.
The WhatsApp malware campaign’s infection process uses a zero-click tactic, meaning the spyware can be deployed without user intervention.
Researchers assume that hackers distributed a specially crafted PDF file to users who had been added to WhatsApp group discussions. Additionally, the company stated that the targets were dispersed across multiple countries, including several in Europe. It also notified the impacted parties and gave them information on protecting themselves.
A WhatsApp representative also explained that this is the latest example of why spyware businesses should be held accountable for their illegal conduct. WhatsApp will continue to preserve its users’ ability to connect confidentially.
The company also stated that it had issued Paragon a “cease” letter and evaluated alternative measures, indicating that this is the first time the corporation has been tied to incidents involving exploiting its technologies.
Like NSO Group, Paragon develops surveillance software called Graphite, which government clients use to tackle digital threats. In December, AE Industrial Partners, a US-based investment company, acquired it for $500 million.
The company’s basic website claims to provide customers with “ethically based tools” to interrupt intractable threats and cyber and forensic skills to discover and analyse digital data.
The campaign announcement comes weeks after a California judge decided in WhatsApp’s favour in a historic case against NSO Group for leveraging its infrastructure to transmit the Pegasus spyware to 1,400 smartphones in May 2019.
Meta’s announcement coincided with the arrest of former Polish Justice Minister Zbigniew Ziobro on claims that he approved using Pegasus spyware to eavesdrop on opposition leaders and monitored cases in which the technology was deployed.
