The United States' Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert to warn WhatsApp and other messaging platform users about new spyware and hacking tools targeting them.
The advisory points out that these cyberattacks are targeting both the messaging accounts and the connected mobile phones themselves.
According to CISA, cybercriminals are using advanced spyware to infiltrate WhatsApp accounts. The agency emphasised the importance of users checking their account security immediately to prevent unauthorised access.
Cyber threat actors are using “sophisticated targeting and social engineering” techniques to gain access to messaging apps. Once inside, these attacks can deploy additional malicious software that further compromises the victim’s device.
According to the agency, these attacks can come through malicious links, QR codes, app installs, mobile malware or even fake apps disguised as legitimate ones that trick users into installing and then using them to access data.
Additionally, the hackers use what is known as social engineering, where they trick users into sharing a one-time code that will enable them to transfer your account to their own device, leaving you with the challenge of getting it back, according to Forbes.
CISA also pointed out that most defences against these attacks rely on user caution, advising users to avoid clicking on suspicious links, refrain from installing apps outside official stores, and not open unknown attachments.
The new warning comes amid growing concerns over the security of mobile messaging platforms, which have become a major target for hackers seeking sensitive personal or financial information.
What to Do
Never share your WhatsApp registration code with anyone, not even friends or family, as this is one of the ways hijackers are using as a launching ground.
To secure your account, open WhatsApp, go to Settings, then Account, and enable two-step verification. This adds a PIN that you must remember and is required for added security.
Next, add and verify your email address, as this ensures you can recover your account if it becomes compromised or if you forget your PIN.
Additionally, WhatsApp now allows users to add a passkey to further strengthen account protection. Completing all three steps, two-step verification, email verification, and passkey setup, makes your account fully secure.
WhatsApp Updates
The security guidance comes as WhatsApp continues to expand its features. The platform recently announced the testing of a new functionality aimed at bridging communication with users on feature phones.
The upcoming feature, called Guest Chats, will allow WhatsApp users to interact with friends and family who do not have the app installed, broadening accessibility and connectivity across different types of devices.
