WhatsApp Zero-Day Exploited: Paragon Spyware Targets Users

 


Citizen Lab Uncovers WhatsApp Zero-Day Exploited by Paragon’s Graphite Spyware

A recent investigation by The Citizen Lab at the University of Toronto has exposed the exploitation of a zero-day vulnerability in Meta’s WhatsApp by Graphite, a spyware developed by Israeli company Paragon Solutions. This discovery raises serious concerns about the use of commercial surveillance tools against individuals worldwide.


Paragon Solutions and Graphite Spyware

Founded in 2019, Paragon Solutions markets its spyware as a responsible alternative to other surveillance tools, such as NSO Group’s Pegasus, claiming to have safeguards against misuse. However, Citizen Lab’s findings suggest otherwise, revealing that Graphite has been deployed in various countries, including Australia, Canada, Denmark, Singapore, Israel, and Cyprus. Reports indicate that Canadian law enforcement may have utilized the spyware.

Global Deployment and Recent Revelations

Graphite has recently been linked to surveillance operations in Italy, targeting both Android and iPhone users. The Italian government, however, has denied allegations of using Paragon spyware to monitor journalists and migrant activists.

In a major security alert, Meta notified 90 individuals across 24 countries that they had been targeted with Paragon spyware through WhatsApp. Some of these attacks leveraged a zero-day vulnerability, requiring no user interaction—a particularly dangerous type of exploit known as a zero-click attack.

WhatsApp’s Response and Citizen Lab’s Role

Citizen Lab collaborated with Meta by sharing intelligence on Paragon’s infrastructure, which played a crucial role in Meta’s investigation. This partnership enabled WhatsApp to identify, mitigate, and attribute a zero-click exploit to Paragon.

WhatsApp has not yet released a formal advisory or assigned a CVE identifier for the vulnerability. This suggests that the exploit may have been neutralized on the server side, meaning users are not required to take additional security measures.

BigPretzel and Further Investigations

In addition to the zero-day exploit, WhatsApp has linked an Android component named BigPretzel to attacks on its users. This further deepens concerns about the extent of Paragon’s surveillance activities.

Contradicting Paragon’s Claims

Despite Paragon’s assurances of ethical surveillance practices, Citizen Lab’s findings indicate a troubling pattern. Many of the individuals targeted with Graphite spyware belong to human rights organizations, government opposition groups, and the press.

“The 90-some targets notified by WhatsApp likely represent a fraction of the total number of Paragon cases. Yet, in the cases already investigated, there is a troubling and familiar pattern of targeting human rights groups, government critics, and journalists,” Citizen Lab stated.
