Update WhatsApp! Attackers injecting spyware through a single voice call
If you don't want your phone to be taken over by hackers, update WhatsApp immediately. Yes, that's exactly what the Facebook-owned messaging service is telling its users to do to protect themselves from a critical vulnerability in its system. The bug has existed for weeks and is now being used by bad actors to inject spyware through simple WhatsApp voice calls. Here's all you need to know about the issue.
WhatsApp vulnerability exploited to spread spyware
Just recently, The Financial Times reported that WhatsApp had a vulnerability that is being used by attackers to spread spyware. Reportedly, the malicious code was developed by Israeli cyber intelligence company NSO Group and is being transmitted from one device to another using WhatsApp calls. This means that if your app isn't updated, an attacker could inject spyware and compromise your phone with a single call.
And, apparently, you don't even have to answer
The FT report notes that the WhatsApp spyware is so dangerous that it could be injected into the phone call itself. This means that if your phone's WhatsApp gets that malicious call, your device would be compromised, regardless of whether you answer or not.
Plus, the call logs also get erased
Along with a rather unpredictable mode of transmission, the WhatsApp attack also comes with the element of secrecy. The malicious calls that you receive on WhatsApp get erased automatically from the call log, which means there is no way to know if your device has been compromised. Notably, this is one of the most dangerous WhatsApp attacks to show up in the recent past.
Here's what WhatsApp said on the issue
"The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems," WhatsApp said in a statement to FT.
Many details still remain unknown
WhatsApp discovered the security flaw early this month, deployed a fix to its servers on Friday, and released a patched version of the app on Monday. The company is urging users to update the program, but there's no word on how many users may have been targeted by the spyware. Also, the exact impact of the malicious program on mobile operating systems remains unclear.
Law enforcement also notified
WhatsApp has notified US law enforcement and is investigating the attack to assess its scale. Meanwhile, NSO Group has denied being involved in the attack, saying it "would not, or could not, use its technology in its own right to target any person or organization, including this individual." The company is known for selling spyware like Pegasus to governments and intelligence agencies.