WhatsApp on Tuesday warned users to upgrade the application to plug a security hole that allowed for the injection of sophisticated malware that could be used to spy on journalists, activists and others.
Facebook-owned WhatsApp said it released an update to fix the vulnerability in the messaging app, used by 1.5 billion people around the world.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” a company statement said.
The WhatsApp spyware is sophisticated and “would be available to only advanced and highly motivated actors,” the company said, adding that a “select number of users were targeted.”
“This attack has all the hallmarks of a private company that works with a number of governments around the world” according to initial investigations, it added, but did not name the firm.
The spyware appears to be related to the Pegasus software developed by Israeli-based NSO group, which is normally sold to law enforcement and intelligence services, according to Washington-based analyst Joseph Hall.
The spyware “could have gotten into someone’s hands” outside legitimate channels for nefarious purposes, Hall, chief technologist at the Center for Democracy and Technology, told AFP.
“It’s unclear who is doing this.”
Security researchers have found that Android and Apple phones can be infected with the spyware with a simple audio call through WhatsApp, even if the user does not answer, according to Hall, making detection more difficult.
Hall said the unpatched security flaw opens the door to spying by rogue entities on human rights activists, journalists and others.