Malicious npm package steals WhatsApp accounts and messages
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account. A fork of the popular WhiskeySockets Baileys project, the malicious package provides the legitimate functionality. It has been available on npm published under the name lotusbail for at least […]
WhatsApp device linking abused in account hijacking attacks
Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. This type of attack does not require any authentication, as the victim is tricked into linking the attacker’s browser to a WhatsApp device. By doing so, threat actors gain access to the full conversation history and […]
WhatsApp API flaw let researchers scrape 3.5 billion accounts
Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. The team reported the issue to WhatsApp, and the company has since added rate-limiting protections to prevent similar abuse. While this study was conducted by researchers who have not released the […]
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages
A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. Although still under development, the malware is fully functional and has been configured to target accounts at multiple financial organizations in Europe by using “region-specific overlay templates.” Sturnus […]
CISA orders feds to patch Samsung zero-day used in spyware attacks
CISA ordered U.S. federal agencies today to patch a critical Samsung vulnerability that has been exploited in zero-day attacks to deploy LandFall spyware on devices running WhatsApp. Tracked as CVE-2025-21042, this out-of-bounds write security flaw was discovered in Samsung’s libimagecodec.quram.so library, allowing remote attackers to gain code execution on devices running Android 13 and later. While Samsung patched it in […]
New LandFall spyware exploited Samsung zero-day via WhatsApp messages
A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. The security issue was patched this year in April, but researchers found evidence that the LandFall operation was active since at least July 2024, and targeted select Samsung Galaxy […]
WhatsApp adds passwordless chat backups on iOS and Android
WhatsApp is rolling out passkey-encrypted backups for iOS and Android devices, enabling users to encrypt their chat history using their fingerprint, face, or a screen lock code. Passkeys are a passwordless authentication method that allows users to sign in using biometrics (such as face recognition or fingerprint), PINs, or security patterns instead of traditional passwords. […]
Meta launches new anti-scam tools for WhatsApp and Messenger
Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. On Messenger, the company has started testing more advanced scam-detection for suspicious chats that will warn users when a new contact sends a potentially scammy message, giving them the option to send recent messages for AI scam […]
WhatsApp adds message translation to iPhone and Android apps
WhatsApp has started rolling out a new translation feature that enables Android and iPhone users to translate messages in chats, groups, and channel updates. While iOS users can only use it to translate manually after tapping ‘Translate,’ Android users will also be able to enable automatic translation, allowing all messages in a chat thread to […]
Samsung patches actively exploited zero-day reported by WhatsApp
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. Tracked as CVE-2025-21043, this critical security flaw affects Samsung devices running Android 13 or later and was reported by the security teams of Meta and WhatsApp on August 13. As Samsung explains in a recently updated advisory, this […]