A No-Click spyware was confirmed to have been used on WhatsApp
Meta has confirmed that on WhatsApp there has been an incident of spyware being used. It has now been shut down, but what happened, what does this mean, and how can we protect ourselves?
Meta, the company behind WhatsApp, has announced that they have successfully stopped a spyware campaign that targeted around 90 individuals, primarily journalists and civil society members. The spyware originated from an Israeli company, Paragon Solutions, which has since been issued a cease-and-desist letter.
Currently, it is unknown who was behind the attack, but WhatsApp has confirmed that it was neutralized in December 2024.
This attack required zero user interaction—no downloads, no clicks. The spyware spread via PDF files sent to individuals who were added to group chats.
WhatsApp has notified all individuals presumed to be affected and provided them with guidance on how to protect themselves. The effort to dismantle and analyze the attack was carried out in collaboration with Citizen Lab, a renowned cybersecurity watchdog, which played a key role in reconstructing the attack.
Paragon Solutions markets itself as an ethical alternative to firms like NSO Group, claiming to operate only within democratic nations and adhere to human rights principles. However, even in democratic states, the risk of surveillance abuse remains high.
Spyware like this is typically sold to governments and law enforcement under the justification of national security and criminal investigations, but the lack of regulation makes it easy for these tools to be misused.
Even companies that claim to operate ethically—like Paragon Solutions—cannot guarantee that their technology won’t be exploited. The blurred lines between legitimate use and abuse continue to raise concerns, particularly when surveillance software ends up targeting journalists and activists instead of criminals.
In the United States, the use of this tool and similar tools has been paused, but there are countless examples proving that even in democratic nations, surveillance abuse is a case of when—not if.
How do we keep ourselves safe?
Verified WhatsApp Communication: If WhatsApp detects a security concern with your account, they will only contact you through an official, verified WhatsApp account. This will be marked with a blue checkmark and a system message at the top identifying it as an official account.
Privacy Security Checkup: WhatsApp recommends all users complete their Privacy Security Checkup to strengthen their account security. This includes limiting who can add you to group chats—a setting that, by default, may allow anyone to add you.
Additional Support: More guidance on responding to spyware threats is available through Citizen Lab’s website, including a digital security helpline for affected users.
For anyone using WhatsApp, we highly recommend completing the Privacy Checkup and ensuring that only your contacts can add you to group chats to reduce the risk of being targeted by unknown users.
-
This Privacy Collection Notice describes how 59 Degrees North Pty Ltd (ABN 85 665 008 597) (we, us or our) collects and handles your personal information when you make an enquiry with us. We collect personal information from you so that we can respond to your enquiry and for related purposes set out in our Privacy Policy, available on our website (or on request).
We may disclose this personal information to third parties, including our personnel, related entities, any third parties engaged by us and acting on our behalf and as otherwise set out in our Privacy Policy.
We store personal information in Australia. Where we disclose your personal information to third parties, those third parties may store, transfer or access personal information outside of Australia.
If you do not provide your personal information to us, it may affect our ability to do business with you. For example, if you do not provide your email address, we may not be able to respond to your inquiries or provide you with our services.
Please see our Privacy Policy for more information about how we collect, store, use and disclose your personal information, including details about overseas disclosure, access, correction, how you can make a privacy-related complaint and our complaint-handling process.
If you have questions about our privacy practices, please contact us by email at: contact@59n.com.au By providing your personal information to us, you agree to the collection, use, storage and disclosure of that information as described in this privacy collection notice.