Meta has confirmed a sophisticated zero-click spyware attack on WhatsApp, impacting high-risk users, including journalists and civil society members. Unlike conventional cyber threats, this attack does not require user interaction, making it extremely dangerous. The spyware, developed by Israel-based Paragon Solutions, has raised serious privacy concerns.

What is a Zero-Click Attack?
A zero-click attack is a cyber exploit that requires no action from the victim. Unlike phishing attacks that rely on clicking malicious links, these attacks leverage vulnerabilities to install spyware without user interaction. Once infected, the attacker gains full access to the device, including encrypted messages from apps like WhatsApp and Signal.
Who Was Targeted?
Meta has identified around 90 WhatsApp users from over 20 countries as victims of this attack. While exact locations remain undisclosed, the targeted individuals appear to be from high-risk professions. The attack highlights the increasing threat of surveillance software used to monitor journalists, activists, and government critics.
The Role of Paragon Solutions
The spyware responsible for this attack, known as Graphite, has functionalities similar to Pegasus, the infamous software developed by NSO Group. Once installed, Graphite enables attackers to access messages, call logs, and personal data, compromising the victim’s privacy entirely. Meta has taken legal action against Paragon Solutions, issuing a cease-and-desist letter.
Expert Opinions on the Attack
Cybersecurity experts emphasize that while spyware attacks remain rare for the general public, they are becoming more common for high-profile individuals. Adam Boynton, a senior security strategy manager at Jamf, noted an increase in sophisticated malware attacks on mobile devices over the past 18 months. SonicWall executive Spencer Starkey added that evolving attack techniques make detection harder for cybersecurity professionals.
How to Protect Yourself
Although this attack was targeted, all users should take precautionary measures:
- Enable Lockdown Mode (iPhone users): This restricts exposure to cyber threats.
- Update Software Regularly: Keeping devices up to date patches security vulnerabilities.
- Be Cautious of Unknown Messages: Avoid opening messages from unverified sources.
- Use Strong Privacy Settings: Regularly review and adjust app permissions.
Conclusion
The latest WhatsApp spyware attack serves as a reminder of the growing risks in digital communication. While Meta’s response has been proactive, the attack underscores the need for stronger cybersecurity measures and legal accountability for spyware developers. Users should stay informed and take necessary precautions to safeguard their digital privacy.