WhatsApp has informed its users about the discovery of new spyware inside the app. This spyware can reportedly let any attacker inject suspicious code in victim’s phone. Once the code is injected, the attacker can gain remote access to the device. It is reported that the spyware was used to delete incoming call log from a WhatsApp user’s call screen.
Also, the reports claim that an Israeli firm is responsible for this spyware. A cyber intelligence company named NSO Group from Israel developed this spyware. This company is also known to provide its spyware to state agencies for spying against suspects. Even WhatsApp, in their statement, claim that the attack seems to be from a company which makes spyware for state agencies.
Talking about the spyware, this vulnerability affects users of WhatsApp’s Calling feature the most. Because the spyware gets inside anyone’s phone via WhatsApp Calls only. With this spyware, the attacker would call the victim via WhatsApp Call. But the code can be remotely injected even if the victim does not pick up the call. Once the access is gained, the attacker can delete the entire incoming call log as reported.
Now, WhatsApp has already released a fix which claims to fix this spyware. Also, WhatsApp has told its users to update their apps as soon as possible. According to researchers, the penetration of this spyware could be more if the apps are not updated soon. In countries like India and China where the WhatsApp user base is huge but the awareness is less, the spyware could create damages.
In its statement regarding the spyware, WhatsApp said that “We are constantly working alongside industry partners to provide the latest security enhancements to help protect our users”. It is claimed that WhatsApp’s iOS update fixing this spyware is already available.