Fighting Spyware An Update From WhatsApp
Fighting Spyware: An Update From WhatsApp
Last year, WhatsApp made history by securing a landmark verdict and permanent injunction barring NSO Group – a spyware firm blacklisted for actions contrary to US national security – from targeting WhatsApp and its users ever again. The court was unequivocal: NSO violated federal and state laws against hacking. Today, we’re asking the court to hold them in contempt of that order.
We successfully disrupted NSO-linked social engineering attempts after investigating user reports. They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO. We also caught them creating test accounts and groups on WhatsApp, which we took down. We are sharing threat indicators so that anyone can check if they were targeted by NSO-linked social engineering attempts across any platform – be it text message, email, WhatsApp message, or something else. Malicious domains include: hxxps://ikhwancast[.]com, hxxps://ghazacast[.]com, hxxps://fr24cast[.]com.
Spyware is a national security threat. Since 2019, our case has shown that NSO continues to build spyware tools to target people’s devices. Its CEO confirmed in court that the company looks for “vectors, or ways to access the phone” beyond WhatsApp, targeting browsers, operating systems, and other applications. No technology is off-limits to surveillance-for-hire firms, whose reported targets range from journalists to government officials, military personnel, and humanitarian organizations. When a malicious company on the US government’s Entity List continues to defy US courts, existing restrictions must remain firmly in place. Easing them would undermine US national security and put American companies and billions of people worldwide who depend on secure communications at risk.
Today, we are beginning to deliver on our promise to support digital rights organizations working to defend people against spyware attacks by making a significant contribution to the Spyware Accountability Initiative (SAI). We encourage people to keep their apps and devices up to date and report suspicious activity so we can investigate and take action. For those who believe they may be targeted by sophisticated cyber attacks, we strongly recommend enabling strict account settings to harden their WhatsApp accounts even more.