Cybersecurity

Hackers working for a “state actor” planted spyware in WhatsApp via missed calls

Published 13 May 2019

Hackers, in all likelihood working for a state, managed to circumvent WhatsApp security by exploiting a vulnerability associated with missed calls. The hackers planted advanced spying software created by Israeli cyber company NSO to infect a few dozen phones. WhatsApp said the attack bore “all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”

The messaging platform WhatsApp said it had patched a vulnerability which allowed spyware to be installed via a missed call. The company assumes only a few selected users were targeted by an “advanced cyber actor.”

CNN reports that the scope of the problem was unknown, but the number of affected individuals was at least in the dozens, a spokesman for the company said late Monday. WhatsApp urged its users to download the latest update for the app in order to protect themselves from attacks.

Media outlets, including the Financial Times and TechCrunch, identified the spyware as the product of Israel’s NSO Group. The group is famous for its software dubbed “Pegasus,” which can hack smartphones and activate their microphones and cameras, collect location information, and send out emails and texts.

WhatsApp did not confirm NSO was linked with the attack, but the company said it was “not refuting” any of the media coverage.

The messaging platform also said the attack bore “all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”

WhatsApp is a Facebook subsidiary with more than 1.5 billion users. The company boasts end-to-end encryption protecting its users’ privacy. On Monday, the company said the malware was discovered in early May.

A spokesman for the firm said the flaw was detected while “our team was putting some additional security enhancements to our voice calls.” Its engineers found that affected users “might get one or two calls from a number that is not familiar to them. In the process of calling, this code gets shipped.”

The hack targeted all commonly used smartphone operating systems, including Apple’s iOS, Google’s Android, Microsoft’s Windows Phone, and Samsung’s Tizen.

WhatsApp said they have provided information to U.S. authorities to help with the investigation.

The Financial Times notes that many journalists, dissidents, activists, and lawyers have reported attacks by NSO’s spyware. One of the alleged targets was a close friend of the murdered Saudi journalist Jamal Khashoggi. The Canada-based dissident and several Mexican activists are suing the company in an Israeli court.

Amnesty International claims one of its staffers was targeted with the Israeli-made spyware last year. Following the Monday announcement, Amnesty International said it would join the effort to force Israel’s defense ministry to suspend NSO’s export license.

A U.K.-based human rights lawyer told the AP news agency that he was targeted in the latest attack. The activist, who wanted to stay anonymous for professional reasons, said he had received several suspicious missed calls over the past months, the most recent one on Sunday.

According to the Financial Times, Israel-based NSO does not use its software itself. Its tools are usually operated by state security agencies.