The cybersecurity agency CISA on Monday issued a warning over the use of commercial spyware to target the users of mobile messaging applications such as WhatsApp and Signal.
“Cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device,” CISA said.
The agency has referenced several threats and incidents detailed this year by the cybersecurity industry.
It pointed out that threat actors have leveraged zero-day and zero-click exploits to deliver spyware to targeted users. Examples provided by the agency include attacks conducted via WhatsApp against Apple device users, and Samsung phone owners being targeted with Android spyware named Landfall.
The cybersecurity agency also pointed to attacks in which Russian threat actors exploited Signal’s ‘linked devices’ feature for real-time spying.
CISA’s alert also cites NSO spyware targeting WhatsApp users and the potential risks for strategic targets.
The alert also references incidents in which hackers delivered spyware by disguising it as popular messaging applications. The ClayRat Android spyware, for instance, was delivered to Russian users disguised as WhatsApp. ProSpy and ToSpy were delivered to Android users in the United Arab Emirates disguised as Signal and ToTok.
“While current targeting remains opportunistic, evidence suggests these cyber actors focus on high-value individuals, such as current and former high-ranking government, military, and political officials, as well as civil society organizations (CSOs) and individuals across the United States, Middle East, and Europe,” CISA noted.
CISA has urged at-risk users to review its updated guidance for mobile communications security and its guidance for civil society.
Related: Chrome Zero-Day Exploitation Linked to Hacking Team Spyware
Related: Samsung Patches Zero-Day Exploited Against Android Users
Related: Apple Sends Fresh Wave of Spyware Notifications to French Users
