A recent investigation by The Citizen Lab has identified the governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore as potential users of Graphite, a powerful spyware developed by Israeli company Paragon Solutions.
Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, created Graphite to extract sensitive data from messaging apps. Researchers linked the spyware to these governments by analyzing server infrastructures suspected to be connected to its deployment.
This revelation follows Meta-owned WhatsApp’s warning in December 2024 that around 90 journalists and civil society members had been targeted by Graphite. Victims spanned over two dozen countries, including Belgium, Greece, Germany, Spain, and Sweden.
Attackers reportedly lured targets into WhatsApp groups and sent them a malicious PDF, which exploited a now-patched zero-day vulnerability to install the spyware. The attack then bypassed Android security to infiltrate other applications. Further forensic analysis of compromised Android devices uncovered an artifact known as BIGPRETZEL, believed to be a unique identifier for Graphite infections.
Apple also discovered evidence of a Paragon spyware infection on an iPhone belonging to an activist in Italy. The company addressed the vulnerability in iOS 18 and notified affected users.
“Spyware firms must be held accountable,” a WhatsApp spokesperson stated, emphasizing the platform’s commitment to user privacy. Apple echoed this concern, highlighting the high cost and sophisticated nature of such cyber threats.
These findings reinforce growing concerns about the global use of surveillance tools and the risks they pose to privacy and security.