Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware on Phones

With the increase in technological advancement, the rate of a cyber attack has witnessed a tremendous rise, causing privacy concern for users. Lately, WhatsApp, a service owned by Facebook, has reported about its vulnerability that allowed cyber hackers to install surveillance spyware on the users Smartphone. The hackers have achieved this attack by merely making a call on a targeted phone with the help of WhatsApp voice call. Adhering to this attack has awakened WhatsApp to notify its users to update the app using the app stores as so as possible. This notice aims to protect the phone against the vulnerability spyware, which makes use of the WhatsApp voice calling features.


It shows that the Israeli technological company NSO Group, famous for producing highly developed and sophisticated mobile spyware, has developed the questioned spyware and sold it to the attackers. The hackers used Pegasus Spyware to launch an attack on Smartphone users using the WhatsApp voice call as a disguised tool. Based on the claims of WhatsApp, some of the app versions affected by the spyware include WhatsApp for iSO before v2.19.51, WhatsApp for Android before v2.19.134, and WhatsApp for Windows phone before v2.18.348, among many others. However, the NSO Group has claimed that its spyware only deals against a legal targeted group and that the recent Whatsapp vulnerability has no connection with its organization. Nevertheless, Whatsapp believes that the incursion is linked to NSO Group as it has all the official marks of the company that works with legal authority concerning technological operating system like the mobile phone. Further, NSO Group spyware has allowed hackers to gain entry over the victim Smartphone leaving the privacy of the users at the hands of the hackers. The spyware can also access to other multimedia features emails, location, contact, etc.

Another claim made about WhatsApp vulnerability reveals that the lack of safeguard in WhatsApp voice call has allowed the hackers to perform any incursion on the targeted Smartphones. The Whatsapp hacking app can easily install the spyware on the targeted phone by using the Whatsapp Common Vulnerabilities and Exposures (CVE) 2019-3568. Further, the hackers could transfer the spyware to the targeted Smartphone users by using the WhatsApp voice call features as the channel, and thus infects the phone whether or not the Smartphone users receive the attack call.  This attack allows hackers to steal personal data from the users of Smartphone. Besides, the spyware erases all the formalities carried during the attack, thereby leaving the victims clueless about the incursion.


It is difficult for WhatsApp to provide a correct number of users affected by the NSO Group spyware. NSO Group has claimed to have infected many WhatsApp Smartphone users by merely making a voice call. The correct number of users is uncertain following cyber incursion. However, the number of affected users counts to very few and not all WhatsApp users.

Read more: How to Hack Someone’s WhatsApp Without Their Phone for Free?

Following this cyber incursion, Whatsapp has also alerted legal authority to make necessary enforcement. Further, WhatsApp has also published Common Vulnerabilities and Exposure (CVE) notice which has aimed to create an alert concerning similar cyber attacks.

Various investigations on the NSO Group like the Citizen Lab, which is an organization for cybersecurity, have revealed the background evidence for developing the spyware. One evidence links directly with the attempts to attack a UK based lawyer. However, the effort to attack failed due to defense reasons. Another evidence links to Mexico and Saudi Arabia, where there were also cases of people being a victim of NSO Group spyware.


The thread evolved against WhatsApp has inflicted individual, organization, and even profession of high authority. The initial conflict had started when the hacker attempted to assault a lawyer in clandestine. Further, an investigation led to more results, such as spyware against human rights, instigators, and news reporters. NSO Group has imposed this network in the designated areas from Mexico to the United Arab Emirates. Besides, other evidence also showed how this cyber attack had exposed foreign human rights workers living in Saudi Arabia.

Read more: WhatsApp Spy App Free Download – How to Spy WhatsApp in 2021

The discovery of recent WhatsApp susceptibility enables hackers to interfere with the privacy of the users. Except for the updated version of the operating system in Android and Apple iOS, other phones are susceptible to this cyber assault. The overall vulnerable victims involve more than one billion WhatsApp users. As such, victims were prone to unsafe privacy and security.

Facebook, as a sole service provider of Whatsapp, enlists the affected Whatsapp versions for different operating systems. The typical vulnerable phone includes Google Android, Apple iOS, and Microsoft Windows. The different Whatsapp versions affected by the NSO Group spyware are WhatsApp for Windows Phone, Tizen device, iOS, and business iOS, Whatsapp android, and business android before version 2.18.348, 2.18.15, 2.19.51, 2.19.51, 2.19.134, and 2.19.44 respectively.



      This website only uses cookies that are necessary for the site to function and they do not contain any personal data. You can find out more about the cookies used in our Cookie Policy.