WhatsApp spyware attack: Hackers could remotely install malware on devices
WhatsApp just fixed a serious bug (CVE-2025-55177) in its iOS and Mac apps that let hackers install spyware without you even tapping anything.
This flaw, used alongside a recent Apple vulnerability, has targeted dozens of users since May 2025.
Amnesty International's Donncha O Cearbhaill described it as an "advanced spyware campaign" and a "zero-click" attack, and WhatsApp has notified fewer than 200 affected people so far—though the attacker is still unknown.
WhatsApp has faced similar spyware attacks before
This isn't WhatsApp's first run-in with sneaky spyware—remember Pegasus back in 2019? That hit over 1,400 users and led to a massive lawsuit.
Even earlier this year, WhatsApp had to block another campaign aimed at journalists and activists.
It's a reminder: even big apps can be vulnerable, so keeping things updated really matters.