Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

The Hacker News by The Hacker News
November 25, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Nov 25, 2025Ravie LakshmananSpyware / Mobile Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications.

“These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device,” the agency said.

DFIR Retainer Services

CISA cited as examples multiple campaigns that have come to light since the start of the year. Some of them include –

  • The targeting of the Signal messaging app by multiple Russia-aligned threat actors by taking advantage of the service’s “linked devices” feature to hijack target user accounts
  • Android spyware campaigns codenamed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates to deliver malware that establishes persistent access to compromised Android devices and exfiltrates data
  • An Android spyware campaign called ClayRat has targeted users in Russia using Telegram channels and lookalike phishing pages by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube to trick users into installing them and steal sensitive data
  • A targeted attack campaign that likely chained two security flaws in iOS and WhatsApp (CVE-2025-43300 and CVE-2025-55177) to target fewer than 200 WhatsApp users
  • A targeted attack campaign that involved the exploitation of a Samsung security flaw (CVE-2025-21042) to deliver an Android spyware dubbed LANDFALL to Galaxy devices in the Middle East

The agency said the threat actors use multiple tactics to achieve compromise, including device-linking QR codes, zero-click exploits, and distributing spoofed versions of messaging apps.

CISA also pointed out that these activities focus on high-value individuals, primarily current and former high-ranking government, military, and political officials, along with civil society organizations and individuals across the United States, the Middle East, and Europe.

CIS Build Kits

To counter the threat, the agency is urging highly targeted individuals to review and adhere to the following best practices –

  • Only use end-to-end encrypted (E2EE) communications
  • Enable Fast Identity Online (FIDO) phishing-resistant authentication
  • Move away from Short Message Service (SMS)-based multi-factor authentication (MFA)
  • Use a password manager to store all passwords
  • Set a telecommunications provider PIN to secure mobile phone accounts
  • Periodically update software
  • Opt for the latest hardware version from the cell phone manufacturer to maximize security benefits
  • Do not use a personal virtual private network (VPN)
  • On iPhones, enable Lockdown Mode, enroll in iCloud Private Relay, and review and restrict sensitive app permissions
  • On Android phones, choose phones from manufacturers with strong security track records, only use Rich Communication Services (RCS) if E2EE is enabled, turn on Enhanced Protection for Safe Browsing in Chrome, ensure Google Play Protect is on, and audit and limit app permissions



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
MENA Emerges as Global Leader in Enterprise Digital Transformation, New GSMA Report Finds

MENA Emerges as Global Leader in Enterprise Digital Transformation, New GSMA Report Finds

Recommended.

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

February 21, 2026
The UK cannot afford a box-ticking solution to cloud dominance | Computer Weekly

The UK cannot afford a box-ticking solution to cloud dominance | Computer Weekly

June 10, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio