WhatsApp has thwarted a hacking attempt that targeted around 90 users, including journalists and members of civil society.
The attack, traced to Israeli spyware firm Paragon, was carried out using malicious PDF files sent via WhatsApp groups.
A spokesperson for WhatsApp confirmed that affected users had been notified and that measures had been taken to prevent similar incidents in the future.
“We’ve reached out directly to people who we believe were affected. This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately,” said Zade Alsawah, a spokesperson for the messaging platform.
Paragon, which was acquired by American private equity firm AE Industrial in December, has not commented on the allegations. WhatsApp stated that the attack took place in December and that a cease-and-desist letter had been sent to Paragon in response.
John Scott-Railton, a senior researcher at Citizen Lab, confirmed that his team had been investigating the hacking campaign. He noted that Paragon’s spyware had used the specific attack method identified by WhatsApp.
This is the first time Paragon has been publicly linked to a cyberattack of this nature. Unlike other spyware firms such as Intellexa and NSO Group—both of which have faced sanctions and legal scrutiny—Paragon has largely remained out of the spotlight. However, the recent revelations challenge its reputation as a more restrained player in the industry.
“For some time, Paragon has had the reputation of a ‘better’ spyware company not implicated in obvious abuses, but WhatsApp’s recent revelations suggest otherwise,” said Natalia Krapiva, senior tech-legal counsel at Access Now. “This is not just a question of some bad apples—these types of abuses are a feature of the commercial spyware industry.”
The full extent of the attack is not yet known, and the identities of those targeted have not been disclosed. WhatsApp has reported the incident to law enforcement and industry partners while monitoring and countering spyware threats on its platform.
