
WhatsApp has blocked a new wave of cyberattack activity linked to Pegasus spyware, developed by the Israeli company NSO Group. The company has also filed a motion in a U.S. federal court seeking sanctions against NSO Group for allegedly violating a previous court order, made in connection with an earlier case filed in 2019, that barred it from targeting users of the platform. This is a significant move that highlights the ongoing threat posed by commercial spyware, which continues to target users’ personal data despite legal enforcement actions and U.S. trade restrictions imposed since 2021.
An investigation found that this attack campaign did not rely on any previously unknown vulnerability in WhatsApp. Instead, it used targeted deception techniques to persuade victims to click malicious links leading to external websites. The attack chain required user interaction, and the threat actors used deceptive domains referencing international news outlets and political groups to appear more credible. If the attack succeeded, the spyware would exploit weaknesses in the operating system or browser to compromise Android and iPhone devices. This could allow attackers to steal data directly from the device, such as chat messages, location data, photos, files, and other information, and to activate the microphone and camera. This method lets spyware bypass end-to-end encryption protections, because the data is accessed after it has been decrypted and displayed on the victim’s device screen.
To reduce the risk of falling victim to this type of cyberattack, users and organizational administrators should exercise greater caution when reviewing suspicious messages and links, even if they appear to come from known contacts or reference current events. Key basic practices include keeping mobile operating systems and applications updated to the latest versions and avoiding links from untrusted or uncertain sources. In addition, users at higher risk of being targeted are advised to strengthen their WhatsApp privacy settings and consider enabling advanced security features, such as Lockdown Mode on Apple devices, to reduce the attack surface and better protect personal data.
Source: https://hackread.com/whatsapp-blocked-pegasus-spyware-campaign-nso/
