"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications. "These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim's messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim's mobile device," the agency said."
"CISA cited as examples multiple campaigns that have come to light since the start of the year. Some of them include - The targeting of the Signal messaging app by multiple Russia-aligned threat actors by taking advantage of the service's "linked devices" feature to hijack target user accounts Android spyware campaigns codenamed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates to deliver malware that establishes persistent access to compromised Android devices and exfiltrates data"
CISA issued an alert warning that commercial spyware and remote access trojans are being used to target mobile messaging application users. Threat actors employ sophisticated targeting and social engineering techniques to deliver spyware, gain unauthorized access to messaging apps, and deploy additional malicious payloads that compromise devices. Notable campaigns include Signal account hijacking via the linked devices feature, ProSpy and ToSpy Android spyware in the United Arab Emirates, the ClayRat campaign in Russia impersonating popular apps, a limited WhatsApp/iOS exploit chain (CVE-2025-43300 and CVE-2025-55177), and LANDFALL delivered via a Samsung flaw (CVE-2025-21042). Tactics include device-linking QR codes, zero-click exploits, and distributing spoofed messaging apps. Activities focus on high-value individuals.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]