In early 2025, WhatsApp notified roughly 90 journalists and civil society members across Europe: they were targeted by Israeli spyware company Paragon Solutions, TechCrunch reported. Apple also sent threat notifications to iOS users. Forensic analysis confirmed two journalists were hit with Paragon’s Graphite spyware via a zero-click attack, per Zamin Uz. These attacks expose a critical vulnerability: while tech giants deploy broad protections, highly sophisticated, targeted spyware still breaches defenses, especially for high-value users. This ongoing cat-and-mouse game between platforms and state-backed developers will intensify. High-risk individuals must remain vigilant, adopting multi-layered security strategies.
The Scale of Tech's General Defenses
- Gmail blocks 99.9% of suspicious or dangerous emails, per Google Safety.
- Google blocks billions of bad ads annually, averaging 100 per second, according to Google Safety.
- Since March 2023, Meta has blocked and shared over 1,000 malicious links across its platforms, according to Meta About.
The vast, automated defenses safeguarding billions daily from common digital threats are revealed by these figures. Tech companies pour resources into maintaining a baseline security for their massive user base, but these broad measures often miss highly targeted attacks.
Advanced Tools in the Spyware Arms Race
Tech companies are also deploying more specific features against spyware. The Play Integrity API, for instance, lets developers verify if a device is compatible with Google Play Protect, if Play Protect is active, and if it found any Potentially Harmful Apps (PHAs), as noted by Google Developers. This offers a deeper check on device integrity.
Meta detected and disrupted nearly ten new malware strains this year, according to Meta About. This signals a move towards proactive threat intelligence. Companies now actively hunt and neutralize novel malware, shifting beyond simple blocking to anticipate new threats. However, even these advanced tools struggle against zero-click, state-sponsored attacks.
The Broader Threat Landscape
Paragon’s Graphite spyware uses 'zero-click' attacks, meaning high-value targets are compromised without user interaction, TechCrunch reported. This makes traditional advice like 'don't click suspicious links' obsolete. A multi-pronged defense strategy is essential, moving beyond general security measures.
The confirmed targeting of 90 journalists and civil society members by Paragon, via Apple and WhatsApp, reveals a deliberate state actor strategy to silence or surveil critical voices. This isn't a scattergun approach; it's a precision strike, as Zamin Uz noted. The vast number of general digital threats blocked by tech giants obscures a critical vulnerability: broad defenses fail against highly targeted, zero-click state-sponsored spyware.
What's Next in the Spyware Arms Race
The escalating sophistication of zero-click spyware suggests that if platforms and high-risk users don't continuously adapt their defenses, targeted breaches will likely become more frequent.
Your Questions Answered: Staying Safe from Spyware
How can I tell if my phone has spyware?
Unusual battery drain, slow performance, or unexpected reboots can signal spyware. You might also notice unexplained data usage or your device getting unusually warm. Look for unfamiliar apps or settings changes you didn't make.
What are the best apps to detect spyware?
No app guarantees 100% protection against zero-click state-sponsored threats. However, reputable antivirus apps can detect common spyware. For Android, Avast, Bitdefender, or Malwarebytes offer scanning and real-time protection, according to SafetyDetectives. For iPhones, Apple's built-in security is strong, but a network-level security tool adds defense.
How to remove spyware from Android phone?
To remove Android spyware, first, disconnect from the internet. Boot into safe mode to disable third-party apps, then uninstall suspicious applications. If the issue persists, a factory reset is often most effective, but back up all data first.
