In a shocking disclosure, WhatsApp revealed that it had just discovered a sophisticated cyberattack aimed at about 100 people, including members of civil society and journalists, spread across more than two dozen countries. The hack was traced to Israeli monitoring company Paragon Solutions, and privacy, press freedom, and human rights have once more been called into question.[1]

How the Attack Was Discovered

WhatsApp’s security team found odd activity and identified a “zero-click” attack. Zero-click exploits are especially risky because, unlike conventional cyberattacks, they require no user interaction.

Exploiting code flaws in the software, the attackers delivered several dangerous PDF files over WhatsApp group chats. Once activated, the malware stealthily stole images, passwords, and encrypted messages, and even took control of the microphone and camera on the devices.

WhatsApp tracked the attack back to Paragon Solutions and disrupted the exploit in December 2024 after working with Citizen Lab, a cybersecurity research group at the University of Toronto. Affected users were notified, and Paragon received a cease-and-desist letter in an effort to hold it accountable.[1][7]

A WhatsApp spokesman reiterated the platform’s position on user privacy: 

“This is the latest example of why spyware businesses must be held accountable for their illicit conduct. WhatsApp will keep safeguarding people’s right to have private communication.”

What is a Zero-Click Attack?

Zero-click attacks are among the most sophisticated cyberattacks and demand no action from the victim. Rather, attackers take advantage of weaknesses in applications that automatically process incoming data, such as email and messaging systems. Since these attacks can use encrypted channels and self-destructing messages, they are challenging to identify. [2] [1]

How It Works

  1. Exploiting Vulnerabilities – Attackers target weaknesses in software, especially in applications handling untrusted input. These can be unpatched flaws or zero-day vulnerabilities (flaws previously unknown to developers).
  2. Delivering Malicious Code – The exploit is delivered via trusted channels inside apparently benign material such as an image, PDF, or text message.
  3. Executing the Attack – Once the material is processed, the spyware installs itself and provides access to sensitive data including messages, pictures, passwords, even real-time microphone or camera feeds.
  4. Stealth and Automation – These attacks are almost impossible to detect and leave few traces. [3]
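
The steps above depend on the client parsing incoming content automatically. As an added example (not from the original post and not WhatsApp's code), the sketch below shows the defensive counterpart: a pre-parse gate that decides whether an attachment may be processed automatically or must wait for an explicit user action. The `Attachment` fields, the `triage` function, the size limit and the sample bytes are all hypothetical.

```python
# Added illustration: gate attachments before any automatic parsing.
from dataclasses import dataclass

# Leading bytes for a few formats; an attachment whose bytes do not match
# its declared type is never handed to a parser automatically.
MAGIC = {
    "application/pdf": b"%PDF-",
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
}
# PDF name tokens that signal active or embedded content (heuristic only).
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/EmbeddedFile")
MAX_AUTO_BYTES = 5 * 1024 * 1024  # assumed policy limit


@dataclass
class Attachment:
    declared_type: str
    data: bytes
    sender_is_contact: bool
    via_group: bool


def triage(att: Attachment) -> tuple[str, str]:
    """Return (decision, reason); decision is 'auto', 'hold' or 'reject'."""
    magic = MAGIC.get(att.declared_type)
    if magic is None:
        return "hold", "type has no automatic handler"
    if not att.data.startswith(magic):
        return "reject", "content does not match declared type"
    if len(att.data) > MAX_AUTO_BYTES:
        return "hold", "too large for automatic processing"
    if att.via_group and not att.sender_is_contact:
        return "hold", "unknown sender in a group chat"
    if att.declared_type == "application/pdf":
        hits = [t.decode() for t in PDF_ACTIVE if t in att.data]
        if hits:
            return "hold", "active PDF content: " + ", ".join(hits)
    return "auto", "passed pre-parse checks"


# Constructed sample inputs (not real attachments).
PLAIN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"
ACTIVE_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n%%EOF"
FAKE_PNG = b"%PDF-1.4 mislabelled"
```

The token scan is a heuristic that PDF name escaping or compressed object streams can evade; the control that matters is that anything held is not parsed until the user chooses to open it.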

WhatsApp's Response

WhatsApp immediately acted against Paragon Solutions after effectively blocking the attack route employed in this operation. The company sent a cease-and-desist letter and extensively examined the hack under the direction of cybersecurity specialists. Affected users were also given guidance and information on protecting their devices.[7]

Calls for Accountability

The WhatsApp hack highlights how urgently better laws on the creation and use of spyware are needed. The unchecked spread of such technology, advocacy organizations underline, compromises individual privacy, journalistic freedom, and even democratic institutions. They demand more responsibility and openness from the government agencies running these tools as well as from spyware producers.[7]

Notable Zero-Click Attacks from the Past

This incident is not the first of its kind. Several other well-known zero-click attacks have been documented:

● Pegasus Spyware (NSO Group): Targets activists, reporters, and even government officials all over the world.

● Apple iMessage FORCEDENTRY Exploit: Let attackers remotely install spyware, bypassing Apple security.

● WhatsApp Missed Call Exploit: A vulnerability let malware infect a device through a missed call.

● Apple BlastDoor Vulnerability: Taken advantage of to deliver zero-click spyware over iMessage.[8]

Conclusion

Commercial spyware is evolving and easily accessible, so the potential for abuse is rising. To control these dangers, stronger cybersecurity rules, more thorough international control, and improved digital defenses are needed. People also have to stay vigilant by keeping software updated, removing outdated apps, and employing security-oriented solutions to protect their personal data.[8]

References:

[1] WhatsApp says journalists and civil society members were targets of Israeli spyware – https://www.theguardian.com/technology/2025/jan/31/whatsapp-israel-spyware

[2] Zero Click Exploits – https://www.kaspersky.com/resource-center/definitions/what-is-zero-click-malware

[3] An Introduction to Zero-click attacks – https://www.lrqa.com/en/insights/articles/an-introduction-to-zero-click-attacks

[4] WhatsApp Zero-Click Paragon Spyware Terminates Contract with Italy – https://cybersecuritynews.com/whatsapp-zero-click-paragon-spyware/

[5] WhatsApp Hack Alert: Your phone might be hacked without clicking any link. Know about the ‘Zero-Click’ spyware – https://economictimes.indiatimes.com/?back=1

[6] What’s a Zero-Click Exploit & Zero-Click Malware? – https://sectigostore.com/blog/whats-a-zero-click-exploit-zero-click-malware/

[7] Israeli Firm Paragon Deploys Zero-Click Spyware to Compromise WhatsApp – https://hoploninfosec.com/paragon-deploys-zero-click-spyware-to-whatsapp/

[8] What is zero click attack? Examples and Prevention – https://www.wallarm.com/what/zero-click-attack

Fig-1 https://www.pcmag.com/how-to/what-is-a-zero-click-attack

4 Comments

  1. Interesting post!
    This incident shows how dangerous spyware can be when targeting journalists and civil persons. That WhatsApp reacted quickly is one of the good things, but it raises the concern of whether the tech companies are making enough effort to prevent this type of attack. According to me, stricter laws should be imposed on spyware companies like Paragon Solutions. With stronger cybersecurity measures, frequent security updates and increased user awareness, governments and tech companies also work together to tackle this type of threat.

  2. Great post! This discussion holds great significance because zero-click attacks are both increasing in frequency and growing more sophisticated. These attacks require no user interaction, unlike traditional phishing attacks, which makes them both highly dangerous and hard to detect. The capability of spyware to control a device’s microphone and camera while accessing messages without user interaction sends a chilling message about security vulnerabilities. This serves as a reminder that state-backed surveillance tools can still penetrate the security of encrypted messaging applications. Your historical analysis demonstrates the evolution of these attack methods. Each attack from Pegasus to the WhatsApp missed call exploit demonstrated new capabilities of spyware. The discovery of these vulnerabilities typically comes after malicious actors have exploited them in real-world scenarios.

  3. The post looks fantastic, Krupali! You did an excellent job covering all the critical details, especially in the “How It Works” section. It provides a clear, in-depth explanation of the methods used in the attack, making it easy to understand how complicated and dangerous zero-click exploits can be. Your outline of the vulnerabilities, delivery mechanisms, and stealth tactics comprehensively expresses how these attacks operate. One factor that stood out to me was the effectiveness of this attack’s capability to bypass end-to-end encryption. The security measures set in place to prevent messages from interception, such as the zero-click attack, exploit vulnerabilities in how the application processes these encrypted messages, such as through malicious PDFs or images, which allows the malware to be activated before the user even decrypts the content. This method effectively bypasses what is typically considered a robust security feature, making the attack even more insidious.

  4. Thank you for your insightful post, Krupali. It is deeply concerning that companies such as Paragon Solutions and NSO Group employ advanced zero-click attack techniques while asserting that their services support law enforcement efforts. This has evolved into a commercial enterprise accessible to those with the financial means to procure such capabilities. Moreover, these cyber threats often remain undetected or undisclosed until independent cybersecurity research organizations, such as Citizen Lab, bring them to public attention. The proliferation of spyware as a business model poses significant risks and necessitates stringent regulatory oversight. Notably, Citizen Lab played a crucial role in uncovering the Pegasus spyware several years ago [1].

    [1] Marczak, B., Scott-Railton, J., Senft, A., Poetranto, I., & Deibert, R. (2018, September 18). Hide and seek: Tracking NSO Group’s Pegasus spyware to operations in 45 countries. Citizen Lab. https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/
