CISA Issues Alert on Spyware Threats Targeting Messaging Apps

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding cybercriminals using commercial spyware to compromise mobile messaging applications. The alert, released Monday, urges users to take proactive measures to safeguard their devices.

According to CISA, multiple threat actors are employing sophisticated social engineering tactics to infiltrate messaging apps, enabling the delivery of malicious payloads that can further compromise mobile devices. The agency highlighted that these attacks often involve mimicking popular applications or sending malicious files through platforms like WhatsApp. Research this year has also documented instances of Android spyware targeting Samsung devices, as well as Signal accounts affected by Russian-linked cyber actors.

CISA noted that while attacks are currently opportunistic, they appear to focus on high-value targets, including government officials, military personnel, political figures, civil society organizations, and individuals across the United States, Europe, and the Middle East.

The agency emphasized that spyware attacks are not limited to traditional methods. Threat actors have increasingly used malicious QR codes and zero-click exploits, which can compromise a device without requiring any user interaction.

To mitigate these risks, CISA directed users to mobile security best practices and resources tailored for civil society groups. The alert also aligns with the agency’s ongoing efforts to identify vulnerabilities exploited by spyware vendors, including recent weaknesses in Samsung devices, which have been added to CISA’s “must-patch” list for federal agencies.

“Users of messaging apps should remain vigilant and adopt recommended security practices to protect personal and organizational data from evolving cyber threats,” the agency advised.