Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that threat actors are increasingly using commercial spyware and remote access trojans (RATs) to target users of popular instant messaging applications, including WhatsApp and Signal. CISA advises users to take steps to protect themselves from these types of attacks, including consulting the agency's updated Mobile Communications Best Practices and following guidance on Mitigating Cyber Threats with Limited Resources.
Threat actors are using commercial spyware and remote access trojans (RATs) to target users of popular instant messaging applications, including WhatsApp and Signal. The threat actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim's messaging app. Targeted attacks have been observed against government officials, military personnel, and members of civil society across the United States, the Middle East, and Europe. CISA has identified several recent campaigns using commercial spyware to target popular messaging apps, including Russia-aligned actors abusing Signal's linked-device feature. Vulnerabilities such as CVE-2025-43300 and CVE-2025-55177 can be exploited by threat actors to gain access to mobile devices. CISA is urging users of popular messaging apps to take steps to protect themselves, including consulting the agency's updated Mobile Communications Best Practices.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that threat actors are increasingly using commercial spyware and remote access trojans (RATs) to target users of popular instant messaging applications, including WhatsApp and Signal. This alert comes as part of CISA's ongoing efforts to inform the public about emerging cybersecurity threats.
According to CISA, threat actors have been actively leveraging commercial spyware to target users of mobile messaging applications, using sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim's messaging app. These malicious payloads can then be used to further compromise the victim's mobile device, providing attackers with a range of options for exploiting their data.
The threat actors in question appear to be opportunistic in their approach, but they often focus on high-value targets such as government officials, military personnel, and members of civil society across the United States, the Middle East, and Europe. This suggests that the attacks are not merely opportunistic, but rather a targeted effort to gather sensitive information or disrupt operations.
CISA has identified several recent campaigns in which commercial spyware was used to target users of popular messaging apps. For example, Russia-aligned actors were found to be abusing Signal's linked-device feature, while Android spyware like ProSpy and ToSpy impersonated Signal and ToTok in the UAE. Additionally, ClayRat was discovered spreading via Telegram and fake WhatsApp/Google/TikTok apps in Russia.
Furthermore, CISA has highlighted several vulnerabilities that can be exploited by threat actors to gain access to mobile devices. These include vulnerabilities such as CVE-2025-43300, CVE-2025-55177, and a Samsung bug (CVE-2025-21042) that allows attackers to deploy LANDFALL spyware to Galaxy devices in the Middle East.
To mitigate these risks, CISA is urging users of popular messaging apps to take steps to protect themselves. This includes consulting the agency's updated Mobile Communications Best Practices and following guidance on Mitigating Cyber Threats with Limited Resources. By taking these precautions, users can reduce their risk of falling victim to spyware and RAT attacks.
The increasing use of commercial spyware and RATs by threat actors highlights the growing sophistication and diversity of cyber threats in recent years. As such, it is essential for individuals, organizations, and governments to remain vigilant and take proactive steps to protect themselves from these types of attacks. By staying informed and taking necessary precautions, users can help prevent the spread of spyware and RATs and maintain their online security.
Related Information:
https://www.ethicalhackingnews.com/articles/CISA-Warns-of-Increasing-Use-of-Commercial-Spyware-and-RATs-to-Target-WhatsApp-and-Signal-Users-ehn.shtml
https://securityaffairs.com/185047/malware/cisa-spyware-and-rats-used-to-target-whatsapp-and-signal-users.html
https://nvd.nist.gov/vuln/detail/CVE-2025-43300
https://www.cvedetails.com/cve/CVE-2025-43300/
https://nvd.nist.gov/vuln/detail/CVE-2025-55177
https://www.cvedetails.com/cve/CVE-2025-55177/
https://nvd.nist.gov/vuln/detail/CVE-2025-21042
https://www.cvedetails.com/cve/CVE-2025-21042/
Published: Tue Nov 25 06:59:39 2025 by llama3.2 3B Q4_K_M
