Alert: Spyware crews are actively hijacking Signal and WhatsApp accounts of high-value targets
- Marijan Hassan - Tech Journalist
- 1 day ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning that state-backed and sophisticated criminal threat actors are actively leveraging commercial-grade spyware to compromise mobile devices belonging to users of encrypted messaging apps like Signal and WhatsApp.

The advisory stresses that hackers are not breaking the apps' end-to-end encryption. Instead, they’re installing spyware directly onto the victim's smartphone, allowing them to read messages before they are encrypted or after they are decrypted.
Bypassing encryption
CISA warns that the sophisticated campaigns are focusing on "high-value" targets, including current and former high-ranking government officials, military personnel, journalists, activists, and civil society organizations across the United States, Europe, and the Middle East.
The threat actors are utilizing an increasingly dangerous array of tactics to achieve silent compromise:
Zero-Click Exploits: This highly advanced technique allows a device to be infected simply by receiving a specially crafted message, file, or network request, requiring no interaction from the user to install the spyware. CISA cited recent reports of zero-click vulnerabilities being exploited in the wild on both Android and iOS devices, including a known flaw in Samsung devices.
Malicious Device-Linking QR Codes: The attackers trick users into scanning fake QR codes, which secretly link the victim’s messaging account to a device controlled by the attacker. This technique, previously reported by Google Threat Intelligence, was observed targeting Signal users by Russian-aligned groups.
App Impersonation: Sophisticated spyware campaigns are creating lookalike phishing pages or spoofed app updates that deliver malware when users try to download what they believe is a trusted messaging app update.
The deployed spyware gains deep access to the victim's mobile device, allowing the attackers to steal sensitive data: they can read all messages, access contacts and media files, take screenshots, turn on the microphone, and extract two-factor authentication codes.
Defense recommendations
If you’re a potential victim, here are some steps you can take to mitigate the risk:
Update immediately: Ensure all mobile operating systems (iOS/Android) and apps are set to automatically update to patch known vulnerabilities.
Audit linked devices: Periodically check the "Linked Devices" section on WhatsApp and Signal and immediately log out of any unknown or suspicious sessions.
Enable lockdown mode (iOS): Users in high-risk groups should enable Apple's Lockdown Mode, which strictly limits certain device functionalities to reduce the attack surface.
Use strong authentication: Move away from SMS-based multi-factor authentication (MFA) and enable phishing-resistant FIDO authentication wherever available.
The agency stressed that while the threat is acute for high-profile users, all individuals should remain vigilant and exercise caution with unexpected messages or files, even from trusted contacts whose accounts may already be compromised.










