Is WhatsApp still secure? Meta warns of zero-click spyware campaign

"Spyware companies must be held accountable for their unlawful actions."

Is WhatsApp still secure? Meta warns of zero-click spyware campaign
WhatsApp protects its users' messages with end-to-end encryption (Photo by Rachit Tank on Unsplash)

Meta has claimed an Israeli spyware company hacked dozens of people across more than 20 countries using a stealthy zero-click exploit.

More than 90 victims, including journalists, were allegedly sent PDF files in a group chat that were boobytrapped to compromise targets without requiring any user interaction.

It is not clear who launched the campaign using the Israeli spyware, which targeted people in Europe and across the world. We have decided not to name the manufacturer of the surveillance software for legal reasons.

WhatsApp has now sent the spyware manufacturer a cease-and-desist letter and promised to "continue to protect people's ability to communicate privately".

“WhatsApp has disrupted a spyware campaign... that targeted a number of users including journalists and members of civil society," a spokesperson said. "We’ve reached out directly to people who we believe were affected. This is the latest example of why spyware companies must be held accountable for their unlawful actions."

How to protect yourself against zero-click attacks

Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf, told Machine that the spyware campaign "was another precise attack targeting individuals with highly valued access or contacts".

"When spyware does hit, it is often a sophisticated threat that uses advanced techniques to maintain persistence," he warned. "It’s important to remember that spyware is still very rare for the average user to encounter – in fact, fewer than 1% of workers experience any form of malware on a mobile device. However, we have observed an uptick in sophisticated attacks over the past 12–18 months targeting mobile workers, so journalists and other high-profile individuals should be wary of the malware.

"Meta should be praised for proactively issuing a warning about the attack. Encouraging transparency and the safe sharing of breach details will be critical to properly addressing the threat posed by spyware."

Boynton recommended that individuals who believe their device could be compromised enable preventative security features such as Lockdown Mode on iPhone as well as keeping their devices updated with latest version of operating system.

"Companies should also consider investing in threat prevention and additional discovery tools to protect their employees," he added. "Users suspecting spyware should start with Amnesty International, which offers IoCs and support to identify known threats. If compromised, it is recommended that users avoid wiping the device, as remnants help security experts analyse and strengthen defences.”

Have you got a story or insights to share? Get in touch and let us know. 

Follow Machine on XBlueSky and LinkedIn