WhatsApp has recently confirmed that nearly 100 journalists and members of civil society were targeted in an attack attributed to spyware developed by Paragon Solutions. The first to make this case public was Francesco Cancellato, an investigative journalist and director of Fanpage, a news outlet known for investigative journalism. The attack exploited a “zero-click” vulnerability, allowing devices to be infected without the user having to interact with a malicious file or link. WhatsApp is notifying victims about the possible compromise of their devices.
What happened?
According to a statement from WhatsApp, at least 90 users, including journalists and civil society members, were targeted by spyware called Graphite, developed by Paragon Solutions. The attack was carried out by sending malicious PDF files within group chats. This type of attack enables an attacker to gain full access to the victim’s device, including encrypted communications on apps like WhatsApp and Signal. The company halted the attack campaign in December 2024 and sent a cease-and-desist letter to Paragon, also exploring possible legal action. However, it remains unclear who commissioned the attack. Paragon, like other spyware companies, sells its software to government clients, but WhatsApp has not been able to identify the governments involved.
What is a zero-click attack?
A zero-click attack is a type of cyberattack that allows an attacker to infect a device without the victim having to take any action, such as clicking on a link or opening a file. In this case, the spyware was distributed through malicious PDF files sent in group chats.
Once a device is infected, the attacker can access all information on it, including messages, call recordings, and files, and can even control the camera and microphone. These attacks are particularly dangerous because they are difficult to detect and leave few traces.
How to prevent it?
Preventing zero-click attacks is challenging, but key protective measures include:
- Frequent Updates: Always keep your operating system and apps up to date.
- Security Software: An antivirus or anti-malware application can help detect suspicious activity.
