About Us Contact us Kannada

San Francisco: A security flaw in WhatsApp, one of the most popular messaging apps in the world, allowed sophisticated attackers to install spyware on phones, the company said Tuesday, in the latest trouble for its parent Facebook.

The vulnerability -- first reported by the Financial Times, and fixed in the latest WhatsApp update -- allowed hackers to insert malicious software on phones by calling the target using the app, which is used by 1.5 billion people around the world.

The FT cited a spyware dealer as saying the tool was developed by a shadowy Israel-based firm called the NSO Group, which has been accused of helping governments from the Middle East to Mexico snoop on activists and journalists.

Security researchers said the malicious code bore similarities to other tech developed by the firm, according to The New York Times.

The latest exploit -- which impacts Android devices and Apple's iPhones, among others -- was discovered earlier this month and WhatsApp scrambled to fix it, rolling out an update in less than 10 days.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a spokesperson said in a statement to AFP.

The firm did not comment on the number of users affected or who targeted them, and said it had reported the matter to US authorities.

The breach is the latest in a series of issues troubling WhatsApp's parent Facebook, which has faced intense criticism for allowing its users' data to be harvested by research companies and over its slow response to Russia using the platform as a means to spread disinformation during the 2016 US election campaign.

The WhatsApp spyware is sophisticated and "would be available to only advanced and highly motivated actors", the company said, adding that a "select number of users were targeted".

"This attack has all the hallmarks of a private company that works with a number of governments around the world" according to initial investigations, it added, but did not name the firm.

WhatsApp has briefed human rights organizations on the matter, but did not identify them.

The Citizen Lab, a research group at the University of Toronto, said in a tweet it believed an attacker tried to target a human rights lawyer as recently as Sunday using this flaw, but was blocked by WhatsApp.

The NSO Group came to prominence in 2016 when researchers accused it of helping spy on an activist in the United Arab Emirates. Its best-known product is Pegasus, a highly invasive tool that can reportedly switch on a target's phone camera and microphone, and access data on it.

The firm said Tuesday that it only licenses its software to governments for "fighting crime and terror".

The NSO Group "does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions", it said in a statement to AFP.

"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system.

Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.

Comments

Gurugram (PTI): The Gurugram Cyber Police has arrested three men for allegedly providing calling support to a Chinese fraud syndicate, officials said on Wednesday.

According to the officials, a 20-port physical SIM box and a laptop were seized from them. These arrests come after a woman from Nagaland was held in connection with the same case.

The arrested accused have been identified as Karma (32) from Nagaland, and Lobsang Tsultim (33) and Ngawang Gyaltsen (35), both from Himachal Pradesh. Karma and Tsultim were arrested on February 14. Gyaltsen was intercepted on February 16 near Majnu Ka Tila in Delhi while attempting to flee to Nepal.

Police said the accused, during questioning, revealed that they were using SIM boxes to facilitate fraudulent calls targeting Indian citizens.

Karma and Lobsang Tsultim admitted to installing virtual SIM boxes in Gurugram on the instructions of a Chinese national named Tsega, they said.

These setups, which included 20 mobile phones, were capable of making over 20,000 calls a day. Tsega, allegedly used an application to contact Indian citizens for various crimes, including gaming and investment fraud, they said.

Tsultim and Gyaltsen were born in China and have lived in India as refugees for 15 years. Fluent in Chinese and Taiwanese, they communicated with Tsega via WeChat, a platform banned in India since 2020, they added.

ACP Cyber Priyanshu Dewan said the three accused were produced in court on Wednesday and have been sent to judicial custody.

"We are working to identify others involved in the network," he added.

All Stories

PM Modi welcomes world leaders to AI Impact Summit; holds bilaterals with 7 PMs, presidents, 2 CEOs
PM Modi welcomes world leaders to AI Impact Summit; holds bilaterals with 7 PMs, presidents, 2 CEOs

Prime Minister Narendra Modi on Wednesday welcomed world leaders, including UN Secretary-General Antonio Guterres and IMF chief Kristalina Georgieva, for the ongoing AI Impact Summit here and held nine bilaterals with heads of state and CEOs.
No reason to believe change in India's stance on Russian oil: Russian Foreign Ministry
No reason to believe change in India's stance on Russian oil: Russian Foreign Ministry

Russia's Foreign Ministry on Wednesday said it has "no reason" to believe that India has changed its position on buying Russian oil, which it said is beneficial for both countries and maintains stability in the global hydrocarbons market.
Kalaburagi: Two die in suspected asphyxiation while cleaning septic tank
Kalaburagi: Two die in suspected asphyxiation while cleaning septic tank

Two men died of suspected asphyxiation while manually cleaning a septic tank, police said on Wednesday.

Copyright © 2026. Vartha Bharati. All rights reserved