Mobile Messaging Account Compromises and Spyware Threats
Security researchers and intelligence analysts have documented a series of incidents and trends highlighting the risks to mobile messaging accounts and devices. In December, a new form of WhatsApp account hijacking called GhostPairing was identified, where attackers trick users into linking an attacker-controlled browser to their WhatsApp device, potentially exposing sensitive information. Separately, researchers uncovered large-scale scraping of WhatsApp's contact discovery tool, resulting in the exposure of billions of phone numbers and associated profile data. Meanwhile, spyware threats targeting both iPhone and Android users have escalated, with zero-click attacks enabling adversaries to compromise devices and access encrypted messaging apps such as WhatsApp and Signal. Apple and Google responded by patching vulnerabilities believed to be exploited by commercial spyware like Predator, and the US CISA issued warnings about the active targeting of mobile messaging applications.
In another high-profile case, the Iranian-linked Handala hacking group claimed to have fully compromised the mobile devices of two Israeli officials. However, forensic analysis revealed that only their Telegram accounts were breached, not the entire devices. The attackers likely used techniques such as SIM swapping, SS7 exploitation, and phishing to gain access, exposing gaps in session management and account security on encrypted messaging platforms. These incidents underscore the growing sophistication of attacks against mobile messaging services and the need for robust security measures, including privacy controls, passkey-encrypted backups, and vigilance against phishing and SIM-based attacks.
Sources
Related Stories
WhatsApp Vulnerabilities and Malware Targeting User Privacy and Security
A recently discovered vulnerability in WhatsApp allowed researchers to enumerate up to 3.5 billion active accounts by exploiting the app's contact syncing feature. This flaw, responsibly disclosed by researchers at the University of Vienna and subsequently patched by Meta, could have enabled malicious actors to build massive databases of phone numbers linked to WhatsApp, along with associated profile photos and "About" texts. While there is no evidence the vulnerability was exploited in the wild, the incident highlights the risks posed by convenience features and the critical importance of protecting phone numbers as sensitive personal data. In addition to this privacy risk, WhatsApp users are being targeted by a new Android malware that propagates itself through the platform. The malware automatically replies to incoming WhatsApp messages with malicious links, leveraging the trust users place in their contacts to spread further. This attack exploits the phenomenon of "context collapse," where users' social boundaries blur on messaging platforms, making them more susceptible to social engineering. These developments underscore the growing threat landscape facing WhatsApp users, combining both technical vulnerabilities and sophisticated social attacks.
3 months agoSocial Engineering Scams Exploiting Mobile Device Features to Steal Credentials and Funds
Cybercriminals are increasingly leveraging built-in features of popular mobile platforms to execute sophisticated social engineering scams aimed at stealing sensitive credentials and financial assets. On WhatsApp, scammers exploit the screen-sharing function by impersonating trusted entities such as bank employees or support agents, coercing victims into sharing their screens under the pretense of resolving urgent security issues. This access enables attackers to view and capture one-time passwords (OTPs), banking details, and other personal information, resulting in significant financial losses. In response, Meta has introduced AI-powered safety tools, including real-time warnings when users attempt to share their screens with unknown contacts, to mitigate these attacks. Similarly, iPhone users are being targeted through phishing campaigns that exploit the "Find My" feature. After a device is lost or stolen, scammers send convincing fake messages—purportedly from Apple Support—containing links that claim to help locate the missing phone. By leveraging accurate device details and the victim's sense of urgency, attackers trick users into divulging their Apple ID credentials, potentially granting full access to personal data and accounts. Authorities such as Switzerland’s National Cyber Security Centre have issued warnings about these tactics, emphasizing the need for heightened vigilance when responding to unsolicited messages related to lost devices.
4 months agoActive Spyware Campaigns Targeting Mobile Messaging Apps and Android Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a surge in sophisticated spyware campaigns targeting users of popular mobile messaging applications such as Signal, WhatsApp, and Telegram. Threat actors are leveraging commercial spyware and remote access trojans (RATs), employing tactics like social engineering, device-linking QR codes, zero-click exploits, and spoofed app versions to compromise high-value individuals, including government officials. Notable campaigns include the use of Android spyware like ProSpy, ToSpy, and ClayRat, as well as the exploitation of vulnerabilities in iOS, WhatsApp, and Samsung devices to deploy malware such as LANDFALL, with the goal of persistent access and data exfiltration. In a related development, researchers at Certo Software have identified a new Android RAT dubbed RadzaRat, which masquerades as a legitimate file manager app. RadzaRat provides attackers with full remote control over infected devices, supports large-scale file transfers, and features keylogging capabilities to steal sensitive information. Alarmingly, RadzaRat is currently undetectable by all major antivirus solutions and is openly available for download, increasing the risk of widespread abuse. These findings underscore the growing threat posed by advanced spyware and RATs targeting mobile platforms, often bypassing traditional security defenses and exploiting user trust in legitimate-looking applications.
3 months ago