WhatsApp accuses Paragon of targeting about 90 users with spyware

WhatsApp on Friday accused the commercial surveillance company Paragon of targeting about 90 of its users with spyware.

The Meta-owned messaging platform said it believes the targets include journalists and members of civil society. The company said it had disrupted the attack vector, which involved a malicious PDF file that was sent to intended victims. 

WhatsApp determined Paragon, which was founded by former Israeli intelligence officers, was responsible for the attempted intrusions, and the company said it had contacted those targeted to make them aware of the incident. It also said it has sent Paragon a cease-and-desist letter.

“This is the latest example of why spyware companies must be held accountable for their unlawful actions,” a WhatsApp spokesperson said in a statement. 

The company has aggressively pursued spyware companies targeting its users, and

in December a California federal judge ruled that NSO Group, the manufacturer of the spyware Pegasus, was liable for having infected mobile devices of about 1,400 WhatsApp users in 2019. 

The decision was the culmination of a five-year-long court battle initiated by WhatsApp. The damages phase of that trial begins in March.

The American private equity firm AE Industrial Partners spent hundreds of millions to acquire Paragon in December, according to Israeli news outlets. 

Paragon has had some success penetrating the American market. 

Wired reported late last year that U.S. Immigration and Customs Enforcement (ICE) agreed to a contract with Paragon worth $2 million in September.

The one-year contract between the company’s Virginia-based subsidiary and ICE included a “fully configured proprietary solution including license, hardware, warranty, maintenance and training,” federal spending documents posted online show.

In 2022, the New York Times reported that the Drug Enforcement Administration had deployed Paragon’s main product, Graphite.

Paragon “may want to score credibility points by being U.S.-based and aiming for U.S. federal contracts,” Rand Hammoud, the surveillance campaigns lead at Access Now, said in a statement. 

“However, spyware abuse can no longer hide in the shadows, and the new WhatsApp revelation should be a glaring red flag to all governments: no contracts, no funding, no legitimization of spyware vendors complicit in repression.”

Paragon attempts to fly under the radar and maintains no website. 

The CEO of Paragon, Idan Nurick, did not respond to a message sent to his LinkedIn account seeking comment.

A spokesperson for AE Industrial Partners acknowledged receipt of a comment request, but did not provide responses before publication.