Skip to Main Content

WhatsApp urges users to act after confirming cyber surveillance attack

A vulnerability in the messaging app allowed it to be infected with spyware with a missed in-app call function.


Cyber attackers were able to install spyware on WhatsApp through its voice call function, even if the user didn't pick up the call. Often, the call would disappear from the device’s call log, so no visible trace was left.

Dozens of WhatsApp users including human rights organisations and a UK based lawyer may have been targeted in the attack which exploited a major vulnerability in the app in an attempt to take over the operating system.

The breach was discovered in early May and has since been fixed. Users are urged to update their app to the latest version.

But Citizen Lab at the University of Toronto has said an attacker attempted to exploit the app, and was blocked, as recently as Sunday evening.

The Financial Times reported the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.

Although the group has not been confirmed, WhatsApp said it did not refute any coverage related.

Top Tips: 

  • Facebook is urging WhatsApp users to upgrade to the latest version of its messaging service

  • Android: Go to Play Store, then tap Menu > My apps & games. Tap UPDATE next to WhatsApp Messenger

  • iPhone: Go to App Store, then tap Updates. Tap UPDATE next to WhatsApp Messenger

  • Windows Phone 8.1: Visit the store and select menu. Click on ‘My apps’ and select WhatsApp to update.
  • Windows Phone 10: Visit the Microsoft store and click on ‘Menu’. Select ‘My Library’ and tap ‘Update’ next to WhatsApp.