WhatsApp patches vulnerability used to deploy Graphite Graphite is a commercial spyware built by Israeli devs Paragon Around 90 people were targeted, WhatsApp said
WhatsApp says it has fixed a zero-day vulnerability which was apparently used by nation-states to spy on journalists, dissidents, political opponents, and others.
After being tipped off by security researchers from Citizen Lab, WhatsApp addressed a bug which allowed threat actors to deploy Graphite, a sophisticated spyware tool developed by the Israeli company Paragon Solutions.
Graphite was deployed in a “zero-click” attack, meaning no interaction from the victim was required.
Protecting your Android phone
“WhatsApp has disrupted a spyware campaign by Paragon that targeted a number of users including journalists and members of civil society. We’ve reached out directly to people who we believe were affected,” a WhatsApp spokesperson told BleepingComputer
“This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately.”
A CVE was not assigned to the vulnerability.
WhatsApp further said it notified some 90 people, located in more than two dozen countries, including Italian journalists and activists.
In theory, the attack was very simple. After obtaining their target’s phone numbers, the threat actors would add them to a WhatsApp group, before sending a weaponized PDF. Since the device automatically processes PDF files, the endpoint gets compromised without any action from the user. The next step is to escape the Android sandbox and install the spyware, which grants the attackers access to the device’s messaging applications.
Citizen Lab was analyzing Graphite’s infrastructure and found “potential links to multiple government customers,” including Australia, Canada, Cyprus, Denmark, Israel, and Singapore.
Governments in Europe and the United States have been quite vocal in their opposition to commercial spyware. In February 2022, the European Data Protection Supervisor (EDPS) recommended banning the use of Pegasus spyware within the EU, citing concerns over fundamental rights and freedoms. Pegasus’ developer team, NGO Group, was blacklisted in the United States on November 3, 2021.
You might also like
Leave a comment