CISA has issued a new alert: state-backed hackers and cybercriminal groups are increasingly using spyware and other advanced tools to target users of encrypted messaging apps like Signal, WhatsApp and Telegram. The attacks don’t try to crack encryption — instead they compromise the user’s phone itself, making encryption irrelevant.
According to CISA, these attackers often employ a mix of deceptive and stealthy techniques:
- They may send malicious QR codes disguised as legitimate device-linking or security requests that secretly link the victim’s account to an attacker-controlled device.
- Sometimes, zero-click vulnerabilities are used — specially crafted media (like images or files) can infect a device without any action required from the user.
- Fake or tampered versions of messaging apps are also used to trick users into installing spyware under the guise of legitimate software.
Once spyware is installed, attackers can read messages (once they have been decrypted on the device), access photos, contacts, call history and location data, and potentially even activate the microphone or camera.
CISA says most attacks are aimed at “high-value” individuals such as government officials, military or political figures, activists and journalists, but warns that ordinary users are not immune either.
Because the threat exploits device vulnerabilities (not the messaging apps themselves), encryption alone is not enough. Users must secure their devices at the operating-system and hardware level to stay safe.