All news with #whatsapp tag

Amazon Connect Outbound Campaigns Adds WhatsApp Support

📣 Amazon Connect Outbound Campaigns now supports WhatsApp, enabling proactive, automated messaging for appointment reminders, payment notifications, order updates, and product recommendations. Administrators can configure WhatsApp campaigns in the existing Amazon Connect interface—define target audiences, personalize message templates, schedule delivery, and apply compliance guardrails alongside SMS, voice, and email. Messages can leverage real-time customer data and include delivery and engagement tracking as well as frequency controls to maintain compliance. This capability is available in all AWS Regions that support Outbound Campaigns.

Brazil Hit by WhatsApp Worm and RelayNFC Fraud Campaign

🔒 Water Saci has shifted to a layered infection chain that uses HTA files and malicious PDFs delivered via WhatsApp to deploy a banking trojan in Brazil. The actors moved from PowerShell to a Python-based worm that propagates through WhatsApp Web, while an MSI/AutoIt installer and process-hollowing techniques load the trojan only on Portuguese (Brazil) systems. Trend Micro links the behavior to Casbaneiro-style features and notes possible use of code-translation or AI tools to port scripts. In parallel, a React Native Android strain named RelayNFC executes real-time NFC APDU relays to enable contactless payment fraud.

CISA Warns: State-Backed Spyware Targeting Signal, WhatsApp

🛡️ CISA has warned that cybercriminals and state-backed actors are using spyware to target users of encrypted messaging apps including Signal, WhatsApp, and Telegram. Rather than breaking end-to-end encryption, attackers compromise devices to access messages, files, contacts, call history, and location data. Techniques include fake QR codes that link accounts to attacker-controlled devices, malicious updates, and zero-click exploits that trigger on receipt of a malformed image or file. Users are urged to keep devices and apps updated, avoid installing software from untrusted sources, and treat unexpected messages or files with suspicion.

CISA: Active Spyware Campaigns Target Messaging Apps

🔐CISA warns that threat actors are actively using commercial spyware and remote-access trojans to target users of mobile messaging apps, combining technical exploits with tailored social engineering to gain unauthorized access. Recent campaigns include abuse of Signal's linked-device feature, Android spyware families ProSpy, ToSpy and ClayRat, a chained iOS/WhatsApp exploit (CVE-2025-43300, CVE-2025-55177) targeting a small number of users, and a Samsung flaw (CVE-2025-21042) used to deliver LANDFALL. CISA urges high-value individuals and organizations to adopt layered defenses: E2EE, FIDO phishing-resistant MFA instead of SMS, password managers, device updates, platform hardening (Lockdown Mode, iCloud Private Relay, app-permission audits, Google Play Protect), and to prefer modern hardware from vendors with strong security records.

Commercial Spyware Targets Mobile Messaging Users Worldwide

📱 CISA warns that multiple cyber threat actors are actively using commercial spyware to target users of mobile messaging applications. These actors employ phishing, malicious device-linking QR codes, zero-click exploits, and impersonation of platforms such as Signal and WhatsApp to gain unauthorized access and deploy additional malicious payloads. CISA urges users to review updated mobile communications guidance and mitigations to reduce spyware risk.

WhatsApp API Flaw Enabled Scraping of 3.5B Accounts

🔍 Researchers from the University of Vienna and SBA Research compiled a list of 3.5 billion active WhatsApp mobile numbers and associated personal details by abusing a contact-discovery API that lacked rate limiting. Running from a single server with five authenticated sessions, they queried more than 100 million numbers per hour and tested a generated space of 63 billion potential numbers. The team responsibly reported the issue and WhatsApp has since added rate-limiting protections. Although the researchers did not publish the dataset, their findings illustrate how unprotected APIs enable large-scale scraping and privacy exposure.

CTM360 Reveals Global WhatsApp Account-Hacking Campaign

🔒 CTM360 reports a large-scale campaign, dubbed HackOnChat, that deploys deceptive web portals and impersonation pages to compromise WhatsApp accounts worldwide. Attackers rapidly create thousands of malicious URLs on inexpensive domains and web-building platforms, luring users with fake security alerts and lookalike login pages. Once accounts are taken, they are abused to defraud contacts, harvest sensitive data, and expand the scam.

Sturnus Android Trojan Steals Messages and Controls Devices

🔒Sturnus is a new Android banking trojan discovered by ThreatFabric that can capture decrypted messages from end-to-end encrypted apps like Signal, WhatsApp, and Telegram. It abuses Accessibility services and on-screen capture to read message content and deploys HTML overlays to harvest banking credentials. The malware also supports real-time, AES-encrypted VNC remote control and obtains Android Device Administrator privileges to resist removal while targeting European financial customers with region-specific overlays.

WhatsApp flaw allowed discovery of 3.5B registered numbers

🔍 Researchers from the University of Vienna and SBA Research found a flaw in WhatsApp's contact discovery that let them enumerate valid numbers globally, confirming about 3.5 billion registered accounts. By abusing the lookup mechanism they could probe numbers across 245 countries at rates exceeding 100 million checks per hour from a single IP. The technique also exposed public (non-private) keys, timestamps, profile photos and About text, enabling inference of device OS, account age and linked secondary devices, prompting Meta to add rate limits and tighter visibility rules.

Python WhatsApp Worm Spreads Eternidade Stealer Across Brazil

📲 Trustwave SpiderLabs describes a Python-based WhatsApp worm that propagates a Delphi credential stealer named Eternidade Stealer across Brazilian devices. The campaign begins with an obfuscated Visual Basic Script dropper that installs both a Python WPPConnect-based propagator and an MSI/AutoIt installer which injects the stealer into svchost.exe. Operators use IMAP to fetch dynamic C2 addresses and apply Brazilian Portuguese geofencing to limit infections to the target region.

Eternidade Stealer: WhatsApp Worm Targets Brazil's Ecosystem

🔒 Trustwave SpiderLabs has identified Eternidade Stealer, a multi-component banking Trojan that combines a Python-based WhatsApp-propagating worm, a Delphi stealer and an MSI dropper to harvest financial credentials and spread laterally. The campaign uses an obfuscated VBScript to deliver two payloads, dynamically retrieves command-and-control via IMAP and activates only on systems using Brazilian Portuguese. Defenders should watch for unexpected MSI or script executions, suspicious WhatsApp messages and indicators linked to the campaign.

Meta Expands WhatsApp Security Research Effort

🛡️ Meta has provided selected long‑time bug bounty researchers with a new tool, WhatsApp Research Proxy, to streamline analysis of WhatsApp's network protocol and reduce barriers to in‑depth research. The company is also running a pilot that invites research teams to focus on platform abuse with internal engineering and tooling support. Meta said it has paid more than $25 million to over 1,400 researchers in 15 years and recently added anti‑scraping protections after a study showed an account‑enumeration technique able to map billions of users.

Maverick Banking Malware Spreads via WhatsApp Web in Brazil

⚠️ Threat hunters report a .NET banking trojan dubbed Maverick propagating via WhatsApp Web, with analyses noting significant code overlaps with the Coyote family and attribution to the actor known as Water Saci. The campaign uses a self-propagating component named SORVEPOTEL to distribute a ZIP containing an LNK that launches PowerShell/cmd to fetch loaders from zapgrande[.]com. The loader installs modules only after geo/linguistic checks confirm the victim is in Brazil and then deploys banking-targeted credential-stealing and web-injection capabilities.

LandFall Spyware Abused Samsung DNG Zero-Day via WhatsApp

🔒 A threat actor exploited a Samsung Android image-processing zero-day, CVE-2025-21042, to deliver a previously unknown spyware called LandFall using malicious DNG images sent over WhatsApp. Researchers link activity back to at least July 23, 2024, and say the campaign targeted select Galaxy models in the Middle East. Unit 42 found a loader and a SELinux policy manipulator in the DNG files that enabled privilege escalation, persistence, and data exfiltration. Users are advised to apply patches promptly, disable automatic media downloads, and enable platform protection features.

Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Spyware

🔒 A now-patched out-of-bounds write in libimagecodec.quram.so (CVE-2025-21042, CVSS 8.8) was used as a zero-click vector to deliver commercial-grade Android spyware known as LANDFALL. The campaign appears to have used malicious DNG images sent via WhatsApp to extract and load a shared library that installs the spyware. Unit 42 links activity to targets in Iraq, Iran, Turkey, and Morocco and notes samples dating back to July 2024. The exploit also deployed a secondary module to modify SELinux policy for persistence and elevated privileges.

WhatsApp screen-sharing scam: risks and protections

🔒 A growing scam exploits WhatsApp’s screen-sharing feature to trick users into exposing verification codes, passwords and banking details during video calls. Attackers pose as banks, service providers or contacts, create urgency, then request screen sharing or the installation of remote-access apps like AnyDesk or TeamViewer. Once granted, they capture OTPs, install malware or coerce transfers, enabling account takeover and financial theft. Stay skeptical: never share screens, passwords or verification codes with strangers.

WhatsApp Adds Passwordless Passkey Chat Backups now

🔒 WhatsApp is rolling out passkey-encrypted chat backups on iOS and Android, allowing users to secure backups with biometrics or a device screen lock instead of a password. Passkeys rely on a device-generated private/public key pair so the private key never leaves the device, reducing exposure to credential theft. Users can enable the feature under Settings > Chats > Chat backup > End-to-end encrypted backup. Meta has begun a global rollout that will reach users over the coming weeks and months.

Privacy rankings of popular messaging apps — 2025 Report

🔒 Incogni's Social Media Privacy Ranking 2025, summarized by Kaspersky, evaluates 15 platforms across 18 criteria to compare messaging apps on privacy and data handling. Overall scores place Discord, Telegram and Snapchat near the top, but a subset of practical criteria ranks Telegram first, followed by Snapchat and Discord. The analysis highlights default settings, data collection by mobile apps, handling of government requests, and encryption differences, noting that only WhatsApp provides end-to-end encryption for all chats by default.

Meta launches new anti-scam tools for WhatsApp, Messenger

🛡️ Meta is rolling out new anti-scam features for Messenger and WhatsApp to help users detect and avoid fraud. Messenger testing includes AI-assisted scam detection that warns about suspicious new contacts and offers options to block, report, or submit messages for review. WhatsApp will display warnings about screen-sharing with unknown callers. These protections are enabled by default.

Meta Adds Scam Warnings to WhatsApp and Messenger Apps

🔒 Meta is rolling out new anti-scam features for WhatsApp and Messenger. On WhatsApp, users will receive warnings when attempting to share their screen with unknown contacts during video calls to help prevent accidental exposure of bank details or verification codes. On Messenger, an opt-in Scam detection setting flags potentially suspicious messages from unknown senders; detection runs on-device to preserve end-to-end encryption unless users choose to submit recent messages for AI review, which removes E2EE. Meta also said it has taken action against thousands of impersonating pages and disrupted millions of accounts tied to organized scam centers.