Hackers have managed to install spyware onto an unknown number of people’s smartphones via a security flaw in WhatsApp’s messaging service.
The Facebook-owned company confirmed Monday an advanced cyber actor had infected a “select number” of users phone’s with the malware it had discovered in early May.
A fix was rolled out Friday but the messaging service has urged its 1.5-B users to update their apps as an extra precautionary measure.
It has been suggested that Israeli firm NSO Group developed the software involved.
Attackers were able to install the surveillance technology via WhatsApp’s call functionality. The spyware could be installed even if the call was not picked up and it would often disappear from the target’s call log. Attackers could then access private data including messages on the person’s device.
WhatsApp said its security team first flagged the flaw then shared the information with the US Department of Justice as well as human rights groups and selected security vendors earlier this month.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said.
NSO meanwhile has denied any links to the spyware.
“The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions,” it said in a statement. “We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.”