WhatsApp says hackers attacked and installed sophisticated spyware on an unknown number of people’s smartphones.
WhatsApp, which has 1.5 billion users, said “an advanced cyber actor” infected an unknown number of people’s devices with the malware, which it said it discovered in early May.
The company is urging all those users to update the messaging app as soon as possible.
The spyware, named Pegasus, was developed by the secretive Israeli spyware company NSO Group. Pegasus has the ability to give hackers full access to a phone remotely, allowing them to read messages, see contacts and activate the camera.
Whatsapp confirmed that a “select number” of users had been victims and that the bug affects all but the latest version of the app on iOS and Android.
The attack involved cyber hackers using WhatsApp’s voice calling function to ring a device. The advanced surveillance software would then be installed, even if that call was not picked up.
The Financial Times on Monday evening reported that cyber hackers had been using the loophole up until Sunday evening when it was used to target a UK-based human rights lawyer.
The vulnerability was also used to target a researcher at Amnesty International, which is fighting for the NSO Group to have its export license withdrawn by the Israeli government.
A spokesman for NSO, which is believed to sell its spyware to intelligence agencies and nation states, said that it was investigating the issue. The spokesman said NSO “would not, or could not” use its own technology to target “any person or organization”, including the UK lawyer.