CISA Warns of Spyware Attacks on Mobile Messaging Apps
Redazione RHC : 25 November 2025 14:34
An important advisory was published on Monday by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), warning that malicious actors are actively using commercial spyware tools and remote access trojans (RATs) to target users of mobile messaging apps.
“These cybercriminals use sophisticated targeting and social engineering techniques to spread spyware and gain unauthorized access to the victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device,” the U.S. agency said.
CISA cited several campaigns that have emerged since the beginning of the year as examples. These include:
- The Signal messaging app has been targeted by multiple Russian-aligned threat actors, exploiting the service’s “connected devices” feature to hijack targeted user accounts.
- Android spyware campaigns codenamed ProSpy and ToSpy, which impersonated apps like Signal and ToTok to target users in the United Arab Emirates and distribute malware that establishes persistent access to compromised Android devices and exfiltrates data
- An Android spyware campaign called ClayRat targeted users in Russia using Telegram channels and similar phishing pages, impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube to trick users into installing them and steal sensitive data.
- A targeted attack campaign that likely chained two security flaws in iOS and WhatsApp (CVE-2025-43300 and CVE-2025-55177) to affect fewer than 200 WhatsApp users
- A targeted attack campaign involving the exploitation of a Samsung security flaw (CVE-2025-21042) to distribute Android spyware called LANDFALL to Galaxy devices in the Middle East
According to the agency, the threat actors use various strategies to achieve compromise, including device-linking QR codes, zero-click vulnerabilities, and counterfeit versions of messaging apps.
To counter the threat, the agency is urging highly targeted individuals to review and adhere to the following best practices:
- Use only end-to-end encrypted (E2EE) communications
- Enable phishing-resistant Fast Identity Online (FIDO) authentication
- Abandon short message service (SMS)-based multi-factor authentication (MFA)
- Use a password manager to store all your passwords
- Set up a telco PIN to protect your mobile phone accounts
- Update your software periodically
- Choose the latest hardware version from your mobile phone manufacturer to maximize security benefits.
- Do not use a personal virtual private network (VPN)
- On iPhones, enable Lockdown Mode, sign up for iCloud Private Relay, and review and limit sensitive app permissions.
- On Android phones, choose phones from manufacturers with a strong security track record, only use Rich Communication Services (RCS) if E2EE is enabled, enable Enhanced Protection for Safe Browsing in Chrome, ensure Google Play Protect is turned on, and review and limit app permissions
CISA reports that high-profile individuals, including current and former government officials, military personnel, and politicians, as well as civilian organizations and private citizens located in the United States, the Middle East, and Europe, are being targeted.
Redazione: The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.