WhatsApp Introduces Strict Account Settings for Lockdown-Style Spyware Defense
WhatsApp announced a new optional security mode, “Strict Account Settings,” designed to reduce exposure to highly sophisticated attacks—particularly mercenary spyware—by limiting risky functionality when enabled. The feature is expected to roll out in the coming weeks and includes restrictions such as blocking attachments and media from people not in a user’s contact list; it can be enabled via Settings > Privacy > Advanced. WhatsApp positioned the change as an additional layer beyond default end-to-end encryption, aimed at higher-risk users such as journalists and public-facing figures, and noted its ongoing legal fight with NSO Group over the 2019 Pegasus campaign that targeted roughly 1,400 WhatsApp users.
The approach mirrors Apple’s Lockdown Mode, which similarly reduces attack surface for a small subset of users who may be personally targeted by advanced threats by disabling or constraining features across core services. Apple documents that Lockdown Mode blocks most message attachment types, limits complex web technologies, restricts incoming FaceTime calls to recent contacts, blocks certain Apple service invitations, and removes some photo-sharing metadata—trading usability for stronger protection against targeted exploitation. Together, the updates reflect a broader industry pattern of offering opt-in, high-friction hardening modes to mitigate spyware and other highly targeted intrusion techniques.

Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Meta discloses Rust migration in WhatsApp media features
Alongside the Strict Account Settings announcement, Meta said it is adopting Rust in WhatsApp's media-sharing and media-validation components to reduce memory-safety risks from malicious files and spyware. The company described this as part of a broader defense-in-depth strategy that also includes hardening existing C/C++ code.
WhatsApp announces Strict Account Settings anti-spyware feature
Meta announced WhatsApp's new Strict Account Settings in late January 2026 as a lockdown-style security feature for high-risk users such as journalists, activists, and public figures. The feature applies restrictive privacy and security controls, including limiting or blocking interactions from unknown contacts, and is set to roll out gradually over the coming weeks.
Federal judge bars NSO Group from using WhatsApp infrastructure
In December 2025, a federal judge ruled that NSO Group can never again use WhatsApp infrastructure for spyware attacks, according to WhatsApp's description of the case. NSO Group has contested the injunction and argued it could bankrupt the company.
Apple introduces Lockdown Mode for high-risk users
Apple introduced Lockdown Mode in July 2022 as an optional extreme-protection feature for people who may be personally targeted by highly sophisticated digital threats such as mercenary spyware. The mode reduces device attack surface by restricting functionality across apps, web technologies, calls, invitations, and device connections.
NSO Group allegedly targets about 1,400 WhatsApp users with Pegasus
In 2019, roughly 1,400 WhatsApp users were reportedly targeted using NSO Group's zero-click Pegasus spyware through WhatsApp infrastructure. The incident became a key reference point for later WhatsApp anti-spyware protections and litigation.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
11 references tracked. Mallory keeps watching after this page renders.
Locking Down the Chat: WhatsApp Debuts "Strict Mode" to Combat Pegasus Spyware
securityonline.info
Open sourceWhatsApp Adds One-Tap Security Settings for Added Privacy
techrepublic.com
Open sourceWhatsApp enhances security with strict account settings and Rust integration | SC Media
scworld.com
Open sourceNew WhatsApp lockdown feature protects high-risk users from hackers
bleepingcomputer.com
Open sourceWhatsApp rolls out Strict Account settings to strengthen protection for high-risk users
securityaffairs.com
Open sourceWhatsApp unveils anti-spyware ‘lockdown’ feature | The Record from Recorded Future News
therecord.media
Open sourceWhatsApp’s new 'Strict Account Settings' Adds Lockdown-Style Protection Against Spyware |CyberScoop
cyberscoop.com
Open sourceAbout Lockdown Mode - Apple Support (CA)
support.apple.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.


