CISA issues alert on spyware targeting mobile messaging app users

The Cybersecurity and Infrastructure Security Agency (CISA) has identified the use of commercial spyware by various cyber threat actors targeting users of mobile messaging applications. These intrusions involve unauthorized access to messaging apps, enabling further malicious activity on affected mobile devices.

The agencies note specific tactics employed by threat actors, including phishing attacks and malicious device-linking QR codes that compromise accounts by linking them to attacker-controlled devices. These actors also use zero-click exploits that do not require any user interaction on devices. Additionally, there have been cases of platform impersonation involving messaging applications such as Signal and WhatsApp. Targeting appears to be opportunistic but tends to focus on high-ranking government, military, and political officials, as well as civil society organizations in regions including the United States, the Middle East, and Europe.

The consequences of these cyber espionage activities include unauthorized control over messaging app functionalities and potential deployment of additional harmful payloads on compromised devices, potentially degrading the security and privacy of targeted users.

At present, CISA has not provided specific fixes but recommends that users consult updated guidance on mobile communications and protections against spyware. This guidance offers recommendations aimed at securing messaging apps and limiting the impact of these attacks.

The agency advises reviewing available resources related to mobile communications best practices and mitigation strategies appropriate for users and organizations with limited cybersecurity resources, focusing on preserving secure communications and reducing spyware risks.