Almost 100 people across two dozen countries were allegedly targeted by hackers on WhatsApp.
Victims included journalists and other members of civil society who were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, WhatsApp says.
Like other spyware makers, Paragon’s hacking software is used by government clients.
Spyware makers pitch their products to governments on the basis they will help fight crime and protect national security.
WhatsApp said that the users had been targeted and their devices ‘possibly compromised’.
What’s more alarming is that Paragon’s software uses zero-click hack, which means people do not have to click malicious links to be impacted.
Once a phone is hacked, the spyware has complete access to the phone, which includes being able to read messages that are sent even if they are encrypted.
An official for WhatsApp told Reuters around 90 users were hacked and declined to say who was specifically targeted.
The people who were hacked were sent electronic documents that did not require any user interaction.
WhatsApp said the alleged attacks were discovered in December and it was not known how long the people had been hacked for.
As of last week, WhatsApp is in the process of informing people who have been impacted.
It said it will ‘continue to protect people’s ability to communicate privately’ and added it had sent Paragon a cease-and-desist letter.
The spokesperson did say users were targeted in more than two dozen countries, including several in Europe.
The official declined to say how he knew Paragon was behind it but said law enforcement and industry partners are involved.
Researcher John Scott-Railton, said this hack ‘is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use.’
Senior tech-legal counsel Natalia Krapiva said Paragon had a good reputation but this proves otherwise.
She said: ‘This is not just a question of some bad apples — these types of abuses (are) a feature of the commercial spyware industry.’
Paragon declined to comment when approached by Reuters and Metro has reached out for comment.
On its website, the company states that it ‘provides our customers with ethically based tools, teams, and insights to disrupt intractable threats.
‘We provide cyber and forensic capabilities to locate and analyse digital data, cyber workforce training, and critical infrastructure analysis and threat mitigation.’
Paragon was reportedly acquired by Florida-based investment group AE Industrial Partners last month.
AE has been approached for comment.
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.
MORE: Could Donald Trump’s plan to build a Riviera in Gaza spark conflict in the Middle East?
MORE: Inside Trump’s fantasy plan to turn the Gaza strip into a ‘Riviera’
MORE: Urgent warning over WhatsApp bug that could leave private content exposed
