Government Spyware Is Targeting Journalists and Dissidents

In early 2025, WhatsApp notified roughly 90 users — most of them journalists and civil society members across Europe — that they had been targeted by Paragon Solutions, an Israeli spyware company, according to TechCrunch. Shortly after, Apple sent threat notifications to a separate group of iOS users. Forensic analysis confirmed two of them, both journalists, had been infected with Paragon's Graphite spyware through a zero-click attack.

Zero-click. As in: they did NOTHING wrong. No sketchy link. No bad download. The phone was compromised anyway.

Security researchers have documented these kinds of attacks for 15 years straight. Former Amazon CEO Jeff Bezos and Hanan Elatr — ex-wife of murdered Saudi journalist Jamal Khashoggi — were both confirmed victims of NSO Group's Pegasus spyware, according to Wired. If it can happen to Bezos, it can happen to anyone.

What Spyware Actually Does Once It's In

Once installed, spyware hands the attacker everything. Full access.

According to Pieter Arntz, senior malware researcher at Malwarebytes, operators can "read messages, observe keystrokes, take screenshots, monitor notifications, and access banking apps." Rocky Cole, cofounder of spyware detection firm iVerify, told Wired that attackers can also "exfiltrate data such as emails and texts, send messages, steal credentials, and log in to cloud systems."

End-to-end encryption doesn't save you. The spyware reads your messages before they're encrypted — straight off your screen.

ESET's security research team breaks down the main spyware types: keyloggers harvesting passwords and card numbers, GPS location trackers, call and SMS monitors, and full-system surveillance apps that combine all of the above. These aren't crude hacker tools. They are commercial products sold by private companies to governments.

How Your Phone Gets Infected

Zero-click attacks are the scariest, but they're not the only vector. According to ESET, your phone can also be compromised through:

• Phishing links sent via text, email, or social media
• Malicious apps disguised as legitimate software — including some that have slipped into the Google Play Store and Apple App Store
• Malicious ads that trigger a download when clicked
• Compromised websites that deliver spyware through your browser

Richard LaTulip, Field CISO at security firm Recorded Future — which collaborated with Google's threat intelligence team on Predator spyware findings — told Wired that infection methods are becoming "more subtle" over time. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning that adversaries are "actively leveraging" commercial spyware to target mobile messaging apps.

The Defenses That Actually Work

Apple, Google, and Meta all offer opt-in hardened security modes specifically designed to counter sophisticated spyware. Security researcher Runa Sandvik, who has spent years protecting journalists from these threats, told TechCrunch: "These features are free, easy to enable, and the best defense we have today against sophisticated spyware."

Apple's Lockdown Mode (available on iPhone, iPad, and Mac) limits attack surface dramatically — it restricts certain message attachments, blocks link previews, disables some web browsing features, and cuts off certain connection types. Yes, some functionality is reduced. The tradeoff is worth it if you're at risk.

Google's Advanced Protection Program for Android adds layers of verification and restricts which apps can access your data. WhatsApp and other Meta apps have their own security notification systems — that's literally how the 90 Paragon victims found out they'd been targeted.

Beyond those platform-level tools, the basics still matter: keep your operating system updated (patches close the holes spyware exploits), avoid sideloading apps from outside official stores, and don't click links in unsolicited messages. ESET specifically flags jailbreaking or rooting your phone as a major risk — it strips away the security architecture these defenses depend on.

What Mainstream Coverage Is Getting Wrong

Most tech coverage frames this as a problem for journalists and dissidents in authoritarian countries. But CISA's warning wasn't targeted at foreign dissidents — it was issued to American users. Commercial spyware is a global market, and the customer list doesn't stop at authoritarian governments. Law enforcement agencies in democratic countries have purchased these tools too, according to documented evidence.

Most coverage also avoids a crucial question: accountability for the companies building this. NSO Group and Paragon Solutions are private businesses. They have investors, executives, and sales teams. The spyware doesn't sell itself. The conversation about this threat keeps focusing entirely on the technical defenses while quietly skipping the question of who's buying these tools and why governments keep allowing the market to exist.

What You Need to Do

Your phone contains your location history, your private conversations, your financial data, your medical information, and your contact list. Spyware gives a complete stranger all of that — silently, with no trace you'd notice.

The defenses exist. They're free. They work. Turn them on.

If you're a journalist, activist, lawyer, executive, or anyone else in a position of influence or visibility, the threat is real.