The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications.
“These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device,” the agency said.
CISA cited as examples multiple campaigns that have come to light since the start of the year. Some of them include –
- The targeting of the Signal messaging app by multiple Russia-aligned threat actors by taking advantage of the service’s “linked devices” feature to hijack target user accounts
- Android spyware campaigns codenamed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates to deliver malware that establishes persistent access to compromised Android devices and exfiltrates data
- An Android spyware campaign called ClayRat has targeted users in Russia using Telegram channels and lookalike phishing pages by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube to trick users into installing them and steal sensitive data
- A targeted attack campaign that likely chained two security flaws in iOS and WhatsApp (CVE-2025-43300 and CVE-2025-55177) to target fewer than 200 WhatsApp users
- A targeted attack campaign that involved the exploitation of a Samsung security flaw (CVE-2025-21042) to deliver an Android spyware dubbed LANDFALL to Galaxy devices in the Middle East
The agency said the threat actors use multiple tactics to achieve compromise, including device-linking QR codes, zero-click exploits, and distributing spoofed versions of messaging apps.
CISA also pointed out that these activities focus on high-value individuals, primarily current and former high-ranking government, military, and political officials, along with civil society organizations and individuals across the United States, the Middle East, and Europe.
To counter the threat, the agency is urging highly targeted individuals to review and adhere to the following best practices –
- Only use end-to-end encrypted (E2EE) communications
- Enable Fast Identity Online (FIDO) phishing-resistant authentication
- Move away from Short Message Service (SMS)-based multi-factor authentication (MFA)
- Use a password manager to store all passwords
- Set a telecommunications provider PIN to secure mobile phone accounts
- Periodically update software
- Opt for the latest hardware version from the cell phone manufacturer to maximize security benefits
- Do not use a personal virtual private network (VPN)
- On iPhones, enable Lockdown Mode, enroll in iCloud Private Relay, and review and restrict sensitive app permissions
- On Android phones, choose phones from…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
