Information security audit specialists have reported the existence of a spyware developed by a hacking group for hire that has exploited vulnerability in WhatsApp, the most popular instant messaging service in the world, to remotely kidnap dozens of smartphones.
In a statement published by the company it is only mentioned that the attackers are “a group of hackers working for multiple governments to develop spying software”. Some information security audit experts assure that the attack operators are NSO hackers, an Israeli technology company.
According to reports, this malware could compromise mobile devices through the missed call list in WhatsApp; so far, Facebook, WhatsApp owning company, has only mentioned that “dozens” of devices have been infected, so the exact scope of the security incident is still unknown.
A Facebook spokesman stated that the incident was detected during an additional maintenance day for the call function of WhatsApp. “Our engineers discovered that the victims received one or two calls from an unknown number, during this process, the attackers were sending code to the victim”.
After detecting the incident WhatsApp began its process of correction and updating, in addition to inform the corresponding authorities to continue the investigation, reported the information security audit experts.
On the other hand, the Israeli company NSO affirmed through a statement that their technology and knowledge are used by police and intelligence agencies in combating organized crime and terrorist activities. “The NSO will investigate any allegations of misuse supported by evidence and take the necessary measures if necessary,” concludes the statement.
According to the experts from the International Institute of Cyber Security (IICS) this spyware has been detected on multiple occasions attacking journalists, political dissidents, social activists, etc. Perhaps the most relevant case related to this malware is the murder of the Saudi journalist Jamal Khashoggi in Istanbul.
The NGO Amnesty International also claimed that one of its members was infected with this malicious software in 2018, so it would try to convince the Israeli government to cancel its contracts with this company.