A serious security issue has been found in Apple’s Messages app. This problem was used to spy on journalists in Europe using a spyware tool called Graphite, made by a company named Paragon. The attack was discovered by researchers at Citizen Lab, who found clear signs that two journalists were targeted using this flaw.

The problem is called a “zero-click” flaw, which means the person didn’t have to do anything: no clicking, no opening messages. Just receiving a message was enough for the spyware to get into their iPhones. The attackers sent a harmful image or video through iMessage. When the phone tried to open it, the spyware got installed quietly.

Apple fixed this issue in February through an update to iOS 18.3.1. But at that time, Apple didn’t say that this flaw was already being used in real attacks. It was only after Citizen Lab looked into the matter and published their findings that Apple confirmed the flaw had been used to spy on people.

One of the victims was Ciro Pellegrino, a journalist from the Italian news site Fanpage.it. He got a message from Apple on April 29, 2025, warning that his iPhone had likely been targeted. After checking his phone, experts found that it had been infected earlier in the year, around January or February, when it was running an older version of iOS.

Another journalist in Europe, whose name hasn’t been shared, was also targeted. Both cases involved the same attack method and the same iMessage account. The infected phones reached out to the same internet server, which was linked to Paragon’s spyware system.

Graphite spyware is a powerful tool. It can break into apps like WhatsApp and Signal, record messages, turn on the camera and microphone, and collect files and photos. This is the first time experts have found this spyware on iPhones, and that’s a big deal.

Apple later updated its website to say the bug had been used in a “targeted attack.” They also sent warning messages to people who might have been targeted. Apple suggested that anyone at high risk, like journalists or human rights workers, should turn on “Lockdown Mode,” which gives extra protection from these types of attacks.

This news is part of a larger pattern. Earlier this year, another spyware campaign linked to Paragon was stopped by WhatsApp. That one tried to infect almost 90 people, many of them in Europe. Now, there’s growing concern that these spyware tools are being used to watch journalists, which is a threat to free speech.

What makes this case even more worrying is how hard it is to detect. The spyware used tools and tricks that left no signs. The phones looked normal. The victims had no idea they were being watched. This kind of attack shows that even strong phones like iPhones can be broken into.

Experts say the best way to stay safe is to keep your phone updated and turn on features like Lockdown Mode. People who think they might be targets, like reporters, politicians, or lawyers, should be extra careful.

There are also bigger questions here. Spyware companies like Paragon say they only sell to governments. But if these tools are being used to track reporters, then there need to be more rules about how they’re sold and who can use them. Right now, it’s not always clear who’s behind these attacks or what they’re trying to do.

This story is a strong reminder that digital spying is real. It’s not just in movies anymore. Phones can be turned into tracking devices without the owner even knowing. That’s why it’s so important to stay aware, use the tools we have for protection, and call for better rules to stop this kind of spying from becoming the norm.

Stay alert, and keep your security measures updated!
