WhatsApp says it disrupted spyware campaign aimed at reporters, civil society

WhatsApp said Friday that it had disrupted a spyware campaign that targeted 90 people, including journalists and activists.

The company tied to the campaign, according to WhatsApp, is Israeli firm Paragon, which last fall signed a $2 million contract with Immigration and Customs Enforcement and recently was purchased by U.S. private equity giant AE International.

“We’ve reached out directly to people who we believe were affected,” said a WhatsApp spokesperson. “This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect peoples’ ability to communicate privately.”

WhatsApp has been at the legal forefront of the battle against spyware abuses, most recently winning a decision against NSO Group. It has sent a cease and desist letter to Paragon. Paragon did not immediately respond to requests for comment.

The campaign involved using groups and sending a malicious PDF file, according to WhatsApp, which said it was confident that it had disrupted the infection vector.

WhatsApp said the targets were in over two dozen countries, particularly in Europe. One outlet that said it was targeted was the Italian publication fanpage.it. 

WhatsApp swapped information with the University of Toronto’s Citizen Lab on the campaign. It shows that the narrative that the spyware industry just has “some bad apples” isn’t true, said John Scott-Railton, senior researcher at Citizen Lab. “It is a feature of the commercial spyware marketplace,” he said. “Targeting of journalists and civil society is a matter of when, not if.”

Furthermore, “as ever in a situation like this, if I’m a government I should be very concerned that my own personnel were targeted using this vector,” Scott-Railton said.