WhatsApp fixes a zero-day vulnerability actively exploited by government spyware

Government spyware infiltrated WhatsApp for months, intercepting private communications without any user interaction.

WhatsApp has confirmed that it has patched a critical vulnerability exploited by government spyware. For several months, a zero-day flaw allowed Graphite, a surveillance tool developed by Paragon Solutions (a company recently acquired by an American group), to infiltrate Android smartphones without any interaction from victims. This campaign was backed by several states eager to monitor journalists, activists, and civil society members. After being alerted by Citizen Lab researchers, the messaging service patched the vulnerability late last year and informed the affected individuals.

To compromise a smartphone, all it took was a malicious PDF file. Attackers would add their targets to a WhatsApp group and send them the infected document. Upon receipt, the file exploited a flaw in the app's automatic handling of attachments, triggering the immediate installation of the Graphite spyware. No clicks were needed, and there were no visible signs on the device. Once activated, the spyware bypassed Android's protections, accessed other applications, and intercepted private messages.

WhatsApp noted that it neutralized the attack after Citizen Lab's intervention, which traced the spyware's technical chain and identified several pieces of infrastructure linked to Paragon. WhatsApp's teams reacted by deactivating the vulnerability remotely before it could be more widely exploited, without requiring a user-side update. Around 90 potential victims across more than twenty countries were directly warned of the risk of infection.