You’ve heard about Pegasus spyware for years, now get ready for Paragon. The two similar-sounding brands are also similar in that they are based in Israel, have government and intelligence agency ties, and are supposed to only be sold to “good guy” governments for law-abiding purposes. But while that appeared to be the case for the Paragon spyware for some time, allowing it to dodge the negative press its cousin has been getting, new accusations levied by WhatsApp may put it under the same spotlight.
WhatsApp says that some two dozen governments, all reportedly democracies, leveraged Paragon spyware via its platform to track journalists, NGO workers and activists among others. In total there were about 90 Paragon targets identified across the world. Like Pegasus the Paragon spyware has “zero click” capability, but WhatsApp reports that a malicious PDF was the primary vector by which it was spread on the platform.
Paragon spyware raises fresh questions about “legitimate” players in the industry
Spyware vendors get by with promises that they will not sell their software to authoritarian governments or let it be used for anything but investigation of serious crimes that threaten national security. Leaks that indicate Pegasus vendor NSO Group has a poor record of holding to this standard put a major dent in its sales, to include being blackballed from the United States by the Biden administration.
While Paragon has not been hit with similar leaks demonstrating similar malfeasance, the prior abuse of Pegasus is naturally going to subject it to some very hard scrutiny. WhatsApp has declined to publicly state what governments have been using Paragon spyware in this way, only saying there are about two dozen and “several” are in Europe. An inside source, speaking with The Guardian anonymously, claimed that Pegasus and Paragon have some overlap in their client lists and that in that space are some democracies already known to abuse spyware from their prior dealings with NSO Group: Greece, Poland, Hungary, Mexico and India among them. Some US federal agencies have been confirmed to have contracts with Paragon, but there is not yet any indication they are among the accused abusers.
Furor in Italy puts Paragon in the spotlight
While WhatsApp has declined to name the specific countries involved, Italy is a safe bet as one of the “several in Europe” it alluded to. The Meloni government has gone on the defensive after three private individuals, one a journalist and two working with activist and non-profit groups, have come forward to accuse it of deploying spyware to track their activities. The use of Paragon spyware is heavily suspected as Paragon has canceled its contracts with the Italian government, citing breaches of its “terms of service and ethical framework.”
The Paragon spyware, called “Graphite,” has technical capabilities comparable to Pegasus. It reportedly has a similar zero click capability, but WhatsApp says that the attacks delivered via its platform were centered on inviting targets to a group chat in which they would be served with a malicious PDF file.
WhatsApp has enjoyed a recent court victory against NSO Group, but it has not announced any legal action against Paragon as of yet. Thus far it has settled for sending the company a cease-and-desist letter, and it says that it is privately contacting any victims it identifies to offer security assistance.
