WhatsApp, the famous messaging app, has been attacked by cybercriminals as a result of a vulnerability in their calling system. The criminals took advantage of the bug in the platform to infect it with an espionage software called Pegasus, developed by the company NSO.
“WhatsApp have pointed out that the cyber attack seems coordinated by a government agency and an espionage company.”
The infection of the platform has been achieved through massive calls to users. Although the user did not respond, when the call enters the device, it becomes infected and installs spyware.
In addition, in most cases, after users received the call, it was automatically removed from the call log.
Apparently, Pegasus has been installed on both Android and iOS devices, allowing the software to access the camera, the microphone, location data and information about the messages sent by WhatsApp.
This spyware is the product of NSO, an Israeli cybersecurity company. NSO is known for selling its espionage products and software to intelligence agencies in the Middle East.
In this sense, WhatsApp managers have pointed out that the cyber attack has all the hallmarks of a mobilization coordinated by a government agency and an espionage company, such as NSO.
Faced with the accusations, the Israeli company has denied any collaboration with its government clients and has emphasized the internal investigations it has carried out to stop the abuse of its tools.
However, in the past NSO had already been linked to another cyber-attack of a governmental nature. The company was blamed for providing tools for Middle Eastern governments to spy on and blackmail human rights activists.
In fact, these activists were infected with a message that contained a Pegasus, the same spyware used in current attacks.
Despite the seriousness of the situation, WhatsApp has indicated that only a small number of users has been affected, since it was an attack aimed at specific individuals.
In addition, the messaging network ensures that the vulnerability has been repaired and that users will be protected against cyber attack if they update the latest version of the app.