The hackers, with knowledge of this security flaw, took the opportunity to install Pegasus, the spyware developed by the Israeli company NSO Group and which was used in Mexico to spy on journalists.
WhatsApp bug spy conversations and install spyware
WhatsApp, which is part of Facebook, reported that a “small number of users were attacked, because achieving the installation of spyware is not a simple theory and, therefore, is limited to few people with advanced knowledge and great motivations.” The company did not specify the number of people affected.
According to the company, it took ten days to resolve the vulnerability once it was discovered. In addition, they have notified the Department of Justice of the United States and a group of organizations in favor of human rights. The Financial Times assures that NSO Group is investigating who has used its software for this type of practices, at the same time as they disassociate themselves from the abuse of the ruling. However, WhatsApp has made clear in its official statement that they suspect the Israeli company:
“The attack has all the characteristics of a private company known to work with governments to develop spyware that allows taking control of remote devices.”
WhatsApp recommends always having the latest version of the app installed, as well as updating the operating system of the device to the latest version, and so always have the latest security patches installed.
