WhatsApp has recently corrected a serious vulnerability that allowed any attacker to install a spyware on the victim’s smartphone (Android and iOS) without his knowledge. Taking advantage of a bug in the audio call system, the spyware was able to install itself without the user having to answer a call.
Pegasus, the malicious software in question, has been developed by the Israeli company NSO and sold to various governments and government agencies to fight crime and terrorism, apparently, however, it has been used for very different purposes in recent years, particularly against activists for civil rights, journalists and dissidents.
WhatsApp discovered the flaw in its software in early May and quickly made the necessary changes to its infrastructure to prevent spyware from accessing user data. Later they released an update so that such a situation can no longer be repeated.
Pegasus is able to access the smartphone’s camera and microphone, scan emails and messages and collect information on the user’s location. Without expressly referring to NSO, WhatsApp is quite clear in its official statement:
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” said WhatsApp in a statement.
The Spyware would have been used in at least 45 countries around the world but according to WhatsApp, it would have been addressed to a limited number of users, mainly due to the complexity of the attack. If you have not already done so you can download the update to WhatsApp from the Play Store using this link. The Android versions affected by the bug are those prior to 2.19.134.