CISA issues alert on spyware targeting users of mobile messaging applications

CISA has identified ongoing activity by cyber threat actors exploiting commercial spyware to infiltrate users of various mobile messaging applications, resulting in unauthorized access and further mobile device compromise.

The threat actors employ several techniques including phishing, malicious QR codes linking target devices to attacker-controlled endpoints, zero-click exploits requiring no interaction from users, and platform impersonation involving messaging applications such as Signal and WhatsApp. These methods facilitate the deployment of surveillance tools without user consent or knowledge.

This cyber activity predominantly affects high-value individuals including current and former government, military, and political officials, as well as civil society organizations and individuals located in regions including the United States, the Middle East, and Europe.

Available countermeasures include updated security guidance addressing mobile communications and mitigating spyware risks. CISA recommends reviewing these resources to enhance protection of messaging applications against such threats.

Users are advised to consult the updated Mobile Communications Best Practice Guidance and Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society to inform protective measures for mobile messaging platforms and to counter spyware deployment.