A vulnerability was recently spotted in WhatsApp that allowed attackers to inject commercial spyware onto smartphones by simply calling up the targets using WhatsApp voice calling feature. The malware which is created by Israeli’s secretive NSO group was discovered early this month, has now been fixed and therefore 1.5 billion WhatsApp global users are urged to immediately update their apps to avoid falling a victim to this malicious malware.
The malware could be injected onto Android and iOS devices without any trace even if the user has not answered the WhatsApp voice call and would disappear from the call logs so that the user would not even know. It has the ability to scan through user’s e-mails, collect data, check location information and messages. NSO’s product Pegasus is a program that can snoop into the user’s phone.
As reported by the Financial Times, WhatsApp in a statement said, “This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.”
WhatsApp says that it has now fixed the security hole by working for hours in San Francisco and London. The company started rolling out a security fix on May 10 and released the patch on Monday.
“The Facebook-owned WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” WhatsApp said to encourage its users to update the app.