Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence
widely-deployed-product-advisorystate-sponsored-espionageidentity-authentication-vulnerability

WhatsApp Introduces Strict Account Settings for Lockdown-Style Spyware Defense

Updated 2d agoFirst seen Jan 27, 202611 sources

WhatsApp announced a new optional security mode, “Strict Account Settings,” designed to reduce exposure to highly sophisticated attacks—particularly mercenary spyware—by limiting risky functionality when enabled. The feature is expected to roll out in the coming weeks and includes restrictions such as blocking attachments and media from people not in a user’s contact list; it can be enabled via Settings > Privacy > Advanced. WhatsApp positioned the change as an additional layer beyond default end-to-end encryption, aimed at higher-risk users such as journalists and public-facing figures, and noted its ongoing legal fight with NSO Group over the 2019 Pegasus campaign that targeted roughly 1,400 WhatsApp users.

The approach mirrors Apple’s Lockdown Mode, which similarly reduces attack surface for a small subset of users who may be personally targeted by advanced threats by disabling or constraining features across core services. Apple documents that Lockdown Mode blocks most message attachment types, limits complex web technologies, restricts incoming FaceTime calls to recent contacts, blocks certain Apple service invitations, and removes some photo-sharing metadata—trading usability for stronger protection against targeted exploitation. Together, the updates reflect a broader industry pattern of offering opt-in, high-friction hardening modes to mitigate spyware and other highly targeted intrusion techniques.

Share:
WhatsApp Introduces Strict Account Settings for Lockdown-Style Spyware Defense
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

EVENT TIMELINE

How this story unfolded

5 events from the most recent confirmed update back to the earliest known activity.

5 EVENTS
Jan 27, 20265mo ago

Meta discloses Rust migration in WhatsApp media features

Alongside the Strict Account Settings announcement, Meta said it is adopting Rust in WhatsApp's media-sharing and media-validation components to reduce memory-safety risks from malicious files and spyware. The company described this as part of a broader defense-in-depth strategy that also includes hardening existing C/C++ code.

WhatsApp announces Strict Account Settings anti-spyware feature

Meta announced WhatsApp's new Strict Account Settings in late January 2026 as a lockdown-style security feature for high-risk users such as journalists, activists, and public figures. The feature applies restrictive privacy and security controls, including limiting or blocking interactions from unknown contacts, and is set to roll out gradually over the coming weeks.

Dec 1, 20257mo ago

Federal judge bars NSO Group from using WhatsApp infrastructure

In December 2025, a federal judge ruled that NSO Group can never again use WhatsApp infrastructure for spyware attacks, according to WhatsApp's description of the case. NSO Group has contested the injunction and argued it could bankrupt the company.

Jul 1, 20224y ago

Apple introduces Lockdown Mode for high-risk users

Apple introduced Lockdown Mode in July 2022 as an optional extreme-protection feature for people who may be personally targeted by highly sophisticated digital threats such as mercenary spyware. The mode reduces device attack surface by restricting functionality across apps, web technologies, calls, invitations, and device connections.

Jan 1, 20198y ago

NSO Group allegedly targets about 1,400 WhatsApp users with Pegasus

In 2019, roughly 1,400 WhatsApp users were reportedly targeted using NSO Group's zero-click Pegasus spyware through WhatsApp infrastructure. The incident became a key reference point for later WhatsApp anti-spyware protections and litigation.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

29 LINKEDOpen in app
Threat actors
1 linked
Malware
2 linked
Affected products
15 linked
WhatsappAndroidIosSafariIpadosIpadMacos VenturaMacosIphoneWatchosMacos SonomaIosMacIosIos
Organizations
11 linked
Meta PlatformsNSO GroupAppleThe RegisterLinkedinTechCrunchRecorded FutureReutersMicrosoft CorporationGoogleSecurity Affairs
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.