Governments in Australia, Canada, Cyprus, Denmark, Israel and Singapore are likely customers of SPYware, developed by Israel’s Paragon Solutions, according to a new report from Citizen Lab.
Founded in 2019 by Ehud Barak and Ehud Schneorson, Paragon is a manufacturer of monitoring tools called Graphite, which allows you to harvest sensitive data from instant messaging applications on your devices.
The interdisciplinary lab said six governments have identified “surprising paragon deployment” after mapping server infrastructure suspected to be associated with SPYware.
The development comes nearly two months after Meta-owned WhatsApp informed about 90 journalists and civil society members that it was allegedly targeted by Graphite. The attack was destroyed in December 2024.
Targets for these attacks included individuals spread across 20 countries, including several Europes, including Belgium, Greece, Latvia, Lithuania, Austria, Cyprus, the Czech Republic, Denmark, Germany, the Netherlands, Portugal, Spain and Sweden.
“This is the latest example of why spyware companies must be responsible for illegal behavior,” a WhatsApp spokesman told Hacker News at the time. “WhatsApp continues to protect the ability of people to communicate personally.”
These attacks added targets to WhatsApp groups and submitted PDF documents. This will then automatically parse and trigger a currently patched zero-day vulnerability and load graphite spyware. The final stage involves letting the Android sandbox escape to compromise on other apps on the target device.
Further investigations of hacked Android devices revealed a forensic artifact called Bigpretzel, suspected to uniquely identify infections caused by Paragon’s graphite spyware.
The evidence also found evidence of a paragon infection that could potentially target an iPhone, which belongs to the founder of an organized refugee in Libyan in June 2024. Apple has since been working on attack vectors with the release of iOS 18.
“This type of merctic spyware attack is very sophisticated, costs millions of dollars to develop, and often has short shelf life and is used to target specific individuals for who they are and what they are doing,” Apple said in a statement.
“After detecting the attack in question, the security team quickly developed in the first release of iOS 18, deploying fixes to protect iPhone users, sending Apple threat notifications to notify and assist individually targeted users.”
Source link
