According to the messaging app, the malware may have put some users' accounts at risk.
According to a report by The Guardian, WhatsApp has stated that there is a possibility that some of its users were hacked by spyware. The messaging service owned by Meta went on to claim that the attack targeted almost 100 journalists and activists. Furthermore, the platform claims to have "high confidence" that the Graphite spyware originated from Paragon Solutions, a company that was established in Israel and was recently purchased by an American investment firm.
According to hacking specialists, this was a "zero-click" assault, which means that the people who were targeted did not have to click on a malicious link in order to become infected. This is an approach that is comparable to another large-scale WhatsApp breach, in which a spyware named Pegasus infected more than 1,400 machines. When a device is infected with something like Pegasus or Graphite, the person operating the spyware has complete access to the device. This even includes the capacity to read communications received through encrypted services such as WhatsApp and Signal.
WhatsApp claims that it has notified the approximately 100 users of the possible attack, but it has refused to provide their location or identity. It did state that it disrupted the supposed attacks in December, although it is uncertain how long the targets may have been in danger.
"This is the most recent example of why firms that create spyware should be held responsible for their illegal activities. A spokeswoman for WhatsApp stated, "WhatsApp will continue to protect people's ability to communicate privately." Paragon has received a "cease and desist" notice from WhatsApp, which also states that it is considering legal alternatives.
Paragon recently signed a $2 million contract with the US Immigration and Customs Enforcement (ICE) department, which has sparked some controversy. According to Wired, the one-year deal requires Paragon to provide a "fully configured proprietary solution including license, hardware, warranty, maintenance and training." The business has not yet responded to the accusations made by WhatsApp.
