WhatsApp says a spyware company targeted journalists and civilians

 Around 90 users of Meta’s chat service WhatsApp are suspected to have been targets of a spyware campaign conducted by an Israeli spyware company called Paragon Solutions, a WhatsApp spokesperson told NBC News.

The spokesperson said that the attack targeted a number of users including journalists and members of civil society “across over two dozen countries, particularly in Europe.” They added that Paragon Solutions has used a vector, a method to illegally access a network, to target the users and that “the vector involved using groups and sending a malicious PDF file.” The spokesperson added that the company has “successfully disrupted this exploitation vector.”

WhatsApp has sent Paragon Solutions a cease-and-desist letter following the series of attempted attacks. The spokesperson said that those believed to be affected have been notified through WhatsApp chat and have been provided information on how to protect themselves from spyware. Paragon Solutions did not reply to an immediate request for comment.

“These attackers look for vulnerabilities in apps or the mobile phone operating system or try to trick users into clicking on malicious links or downloading malware — all to gain unauthorized access that can damage your phone, steal your information and put your privacy and security at risk,” a WhatsApp help page on spyware reads.

Francesco Cancellato, the editor-in-chief of the Italian online newspaper Fanpage.it, published an article revealing that he was one of the journalists who was targeted by the attack. In the message that WhatsApp sent to Cancellato notifying him that he might have been affected, the chat service said that it had stopped the attack in December.

The spokesperson said that the company’s security team and Citizen Lab, a cybersecurity research lab based out of the Munk School of Global Affairs at the University of Toronto, helped track the spyware campaign.

John Scott-Railton, a senior researcher at Citizen Lab, told NBC News that a hack such as this one has the ability to “turn a telephone into a spy in your pocket.”

“When a phone is infected, the operator of that spyware can typically do anything that you as a user can do on the phone,” Scott-Railton said. “They can access your encrypted messages, your chats, look at your photographs, browse your messages, listen to your voice memos, look at your notes, read your contacts, get your passwords, and also do some number of things that you can’t do, like silently activating the microphone to listen to a conversation you might be having in a room, or turning on the camera.”

WhatsApp worked with Citizen Lab in 2019 when the chat service sued the Israeli surveillance firm NSO Group, accusing it of aiding government spies to hack the phones of over a thousand users, including journalists, diplomats, senior government officials and political dissidents. In December, a U.S. judge ruled in favor of WhatsApp. That same month, the Florida-based investment group AE Industrial Partners, a competitor to NSO Group, acquired Paragon Solutions. It is still believed that Paragon Solutions operates in Israel.

Natalia Krapiva, senior tech-legal counsel at the internet access nonprofit Access Now, says that the nonprofit’s research has found that these attacks on “journalists and other civil society actors are becoming common.”

“Last time WhatsApp notified NSO victims in 2019, we have seen a flood of lawsuits, sanctions, and other consequences for this industry,” Krapiva said. “But we need more action by lawmakers and the tech sector to reign in the industry as it obviously cannot police itself.”