The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about state-backed threat actors and cyber-mercenaries actively exploiting commercial spyware to compromise Signal and WhatsApp accounts belonging to high-value targets. The alert, published in late November 2025, reveals that attackers are bypassing encryption protocols through sophisticated social engineering, spoofed applications, and zero-click exploits rather than breaking the encryption itself.
Targeted victims
CISA identifies the primary targets as high-value individuals including current and former senior government officials, military personnel, political figures, and civil society organizations across the United States, Middle East, and Europe. Attackers establish initial access through spyware deployment, then use that foothold to deliver additional malicious payloads and expand their control over compromised devices.
Modus operandi
The campaigns employ multiple sophisticated techniques to sidestep encryption protections. Russia-aligned groups including Sandworm and Turla exploited Signal's linked-devices feature by tricking victims into scanning malicious QR codes, allowing attackers to quietly add their own devices to the victims' accounts and intercept messages in real time. Palo Alto Networks' Unit 42 uncovered the LANDFALL spyware campaign targeting Samsung Galaxy devices through a zero-click WhatsApp exploit: sending a malicious image was enough to compromise the device on receipt, with no interaction from the victim.
Additional campaigns relied on app impersonation tactics, with ProSpy and ToSpy masquerading as legitimate applications like Signal and TikTok to harvest chat data, recordings, and files. Zimperium researchers identified ClayRat, an Android spyware family distributed across Russia through counterfeit Telegram channels and phishing sites impersonating WhatsApp, TikTok, and YouTube.
Policy implications
The alert arrives during increased scrutiny of commercial spyware vendors. The US government recently prohibited NSO Group from targeting WhatsApp users with Pegasus spyware, and the House of Representatives banned WhatsApp from staff devices earlier in 2025 due to security concerns. CISA's warning underscores a critical reality: attackers are not breaking encryption algorithms but instead exploiting vulnerabilities in the underlying devices and application features that encrypted messengers rely upon.
