Home News Paragon Spyware Exploits WhatsApp Zero-Day Vulnerability
News

Paragon Spyware Exploits WhatsApp Zero-Day Vulnerability

276

WhatsApp has successfully patched a zero-click, zero-day vulnerability that was exploited by Paragon Solutions to install Graphite spyware on targeted devices. This vulnerability was discovered by researchers at the University of Toronto’s Citizen Lab, leading to a swift response from WhatsApp to mitigate the threat.

Key Points of the Paragon Spyware Attack

  • Zero-Click Vulnerability: The attack involved a zero-click exploit, meaning no user interaction was required for the device to be compromised. Targets were added to a WhatsApp group and sent a malicious PDF, which automatically processed the exploit.
  • Graphite Spyware: The Graphite spyware, developed by Paragon Solutions, was used to collect sensitive data and intercept private communications. It compromised other apps on the device by escaping the Android sandbox.
  • Targets: Approximately 90 Android users across over two dozen countries, including Italian journalists and activists, were notified by WhatsApp that they were targeted and possibly compromised.
  • Detection and Removal: Infections can be detected using a forensic artifact known as BIGPRETZEL. However, the lack of evidence does not rule out the possibility of overwritten logs.
  • Infrastructure Mapping: Researchers mapped Paragon’s server infrastructure, finding potential links to government customers in Australia, Canada, Cyprus, Denmark, Israel, and Singapore.

Background on Paragon Solutions

Paragon Solutions, founded in 2019 by Ehud Barak and Ehud Schneorson, claims to sell its surveillance tools only to law enforcement and intelligence agencies in democratic countries. The company was acquired by AE Industrial Partners in December 2024.

Response and Accountability

WhatsApp has taken steps to hold spyware companies accountable for their actions, emphasizing the need for stronger accountability. Meta issued a cease-and-desist letter to Paragon and is considering further legal measures.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...