CISA Warns: Signal and WhatsApp Users Targeted by State-Backed Spyware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that state-backed hackers and cybercriminals are increasingly targeting users of encrypted messaging apps such as Signal and WhatsApp. These attacks are not about breaking the encryption itself, but rather about compromising the user’s device to access messages and personal data directly.

Attackers have used methods like sending fake QR codes or device-linking codes. When a user scans such a code, their account can be linked to a device controlled by the attacker, allowing messages to be read in real time. In more advanced cases, hackers have employed “zero-click” exploits, where a malicious image or file can infect a phone without any interaction from the user. Once a device is compromised, attackers can gain access not only to messages but also to photos, contacts, call logs, location information, and even call recordings.

While high-value targets such as politicians, government officials, and military personnel are most commonly targeted, civil society members, NGOs, and regular users have also been affected. These incidents have been reported across the U.S., Europe, and the Middle East.

CISA advises users to keep their phones and messaging apps fully updated to ensure they have the latest security patches. Apps should always be downloaded from official sources, and users should exercise caution when receiving QR codes or device-linking invites, particularly from unknown sources. Although encrypted messaging apps are generally secure, if the device itself is compromised, encryption cannot protect the data.