The cybersecurity agency CISA issued a warning on Monday about the growing use of commercial spyware to target users of mobile messaging applications such as WhatsApp and Signal.
According to CISA, “Cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device.”
The agency highlighted several threats and incidents reported this year by the cybersecurity industry. It noted that attackers have used zero-day and zero-click exploits to deliver spyware to specific targets. Examples include WhatsApp-based attacks against Apple device users and Samsung phone owners being infected with Android spyware known as Landfall.
CISA also pointed to cases where Russian threat actors exploited Signal’s linked devices feature to conduct real-time surveillance. The alert further referenced NSO spyware targeting WhatsApp users, raising concerns about risks to strategic individuals.
Additional incidents involved hackers disguising spyware as popular messaging apps. ClayRat Android spyware was distributed to Russian users disguised as WhatsApp, while ProSpy and ToSpy were delivered to Android users in the United Arab Emirates disguised as Signal and ToTok.
CISA emphasized that while current targeting appears opportunistic, evidence shows cyber actors are focusing on high-value individuals. These include current and former senior government, military, and political officials, as well as civil society organizations and individuals across the United States, the Middle East, and Europe.
The agency urged at-risk users to review its updated guidance for mobile communications security and its recommendations for civil society groups.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
