Online conversations conducted on popular platforms such as WhatsApp, Instagram, TikTok, Telegram, and Facebook Messenger are now facing a significant threat. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert, revealing that multiple cyber threat actors are actively employing commercial spyware to target users of mobile messaging applications globally.
This critical development was detailed in a recent report by Forbes. The report indicated that while the spyware is currently in a development or limited testing phase, it already empowers hackers to gain complete control over devices and steal banking credentials by circumventing encrypted messaging. The report clarified that the attackers have not managed to break the encryption itself. Instead, they have devised a sophisticated technical process that ultimately achieves a simple, yet dangerous, outcome: it reads messages after they have been decrypted and displayed on the smartphone screen.
This issue extends beyond any single region, with attacks now affecting devices in Nigeria, demonstrating the global reach of these cyber threats. These tools are engineered to operate remotely and can target devices in any location with equal ease, rendering geographical boundaries irrelevant to their technical success.
The Nigerian smartphone market, heavily reliant on imported devices primarily from China and the U.S., makes its users particularly vulnerable. The inherent security characteristics of these imported platforms render Nigerian users direct targets for the same widespread cyber threats.
Initially, these attacks were believed to target "high-value individuals," such as politicians and journalists in Western regions. However, the pervasive nature of this spyware now means that ordinary users are increasingly falling victim to these compromises.

Personal accounts highlight the reality of these threats. Emmanuel, an iPhone 11 Pro Max user in Lagos, Nigeria, described a two-week period of noticing attempted hacks on his accounts, including his TikTok. He discovered that two-factor authentication had been deactivated across his social media platforms and immediately reactivated it.
For Android users like Blessing, who uses a Tecno smartphone in Lagos, the attacks were more targeted towards her WhatsApp community groups. She observed attempts to gain unauthorized access to the groups she manages, suggesting an effort to steal information or spread disinformation within her network.

Protections for iPhone Users

- Enable Lockdown Mode (High-Risk Users): Individuals such as activists, journalists, or those managing sensitive corporate accounts should activate Lockdown Mode. While it restricts certain features, it significantly reduces the attack surface available for exploitation.
- Audit App Permissions: Navigate to your iPhone's settings and meticulously review which applications have access to your Location, Camera, and Microphone. Revoke access for any app that does not require these permissions to perform its core functions.
- Use iCloud Private Relay: Activating this feature helps mask your IP address during web browsing, thereby enhancing your online privacy.
- Disable SMS Fallback (iMessage): Within your messaging settings, ensure that if iMessage encryption fails, messages do not automatically revert to an insecure SMS text format.

Protections for Android Users

- Ensure Google Play Protect is ON: This serves as your primary defense against malicious applications. Confirm that Google Play Protect is active on your device to continuously scan and block known threats.
- Restrict App Permissions: Similar to iPhone users, it is crucial to audit and limit app access to sensitive hardware such as your Camera, Microphone, and Contacts. Spyware frequently exploits these permissions for surveillance purposes.
- Enable Enhanced Safe Browsing in Chrome: Activate this feature within your Chrome browser settings to receive stronger, proactive protection against dangerous websites and downloads.
- Download Apps Only from the Play Store: Malware, including the Sturnus Trojan, is often distributed through unofficial apps on third-party websites. Avoid sideloading apps or downloading APK files from outside the official Google Play Store.

Protection for Both iOS & Android

- Update Everything, Always: Ensure that your phone's Operating System (OS) and all applications, particularly messaging and social media apps, are configured for automatic updates or are manually patched promptly when updates become available. This process is essential for closing security vulnerabilities.
- Stop Using SMS for Authentication: While Multi-Factor Authentication (MFA) is beneficial, SMS codes are susceptible to interception. Transition immediately to app-based authenticator tools, such as Google Authenticator or Microsoft Authenticator, for all your social media and email accounts.
- Verify Linked Devices: Within the settings of applications like WhatsApp and Telegram, specifically check the "Linked Devices" or "Active Sessions" lists. If you encounter any device that you do not recognize, log it out immediately.
- Use a Secure Password Manager: Generate and securely store long, random, and unique passwords for every platform. This practice is critical in preventing a compromise on one account, such as Instagram, from leading to the unauthorized access of all your other accounts, like TikTok.

