Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations

**Executive summary:** The Citizen Lab report details Paragon Solutions’ Graphite spyware operations, mapping victim-facing and customer infrastructure (distinct TLS certificate fingerprints and IP ranges), identifying suspected deployments across multiple countries (including Italy and a possible Canadian customer), documenting WhatsApp’s mitigation of a Paragon zero‑click exploit and notifications to ~90 accounts, and presenting forensic evidence of Android (BIGPRETZEL) and iPhone (SMALLPRETZEL) infections affecting journalists and civil-society actors.