This malicious code could be installed whether or not the victim answered the call, and all record of the call disappeared from the phone after the spyware was installed.
The spyware is capable of trawling through calls, texts and other data, switching on the phone’s camera and microphone and performing other malicious activities, according to reports.
But how do you know if you have been affected by the hack, and what should you do to protect yourself? Here’s what you need to know, according to Mirror.
All smartphones with WhatsApp or WhatsApp Business installed are affected.
This includes Apple’s iPhones, Android phones, Windows Phones and Tizen devices, according to Facebook, which owns WhatsApp.
WhatsApp is used by 1.5 billion people globally.
Am I affected?
The number of people affected by the hack is not yet known.
WhatsApp said it was still investigating the breach but believed only a “select number of users were targeted through this vulnerability by an advanced cyber actor.”
A few targets, including a UK-based human rights lawyer and an Amnesty International researcher, have been identified.
The attack seems to have been primarily targeted at human rights campaigners.
If you haven’t received any WhatsApp voice calls or dropped calls from unknown callers then you have probably not been targeted.
However, you should still take steps to protect yourself, and if you happen to work for a human rights organisation you should be extra vigilant.
What should I do to protect myself?
WhatsApp has fixed the vulnerability on its end, but your account won’t be safe until you install the company’s latest app update.
That’s version 2.19.134 for Android, version 2.19.51 for iOS, version 2.18.348 for Windows Phone and version 2.18.15 for Tizen.
If your device doesn’t install app updates automatically, you can do it manually by going into the app store, searching for WhatsApp, and hitting the “update” button.
While you’re at it, it’s worth making sure your operating system is up to date, as this contains a lot of built-in security features designed to protect you from hackers.
WhatsApp said its advice to all users to update came “out of an abundance of caution” and a recommendation by Citizen Lab, a research group at the University of Toronto that it notified about the vulnerability before the announcement.
Who is behind the attack?
According to the Financial Times, the spyware was developed by secretive Israeli cybersecurity and intelligence company NSO Group.
NSO did not comment on the specific attacks, but said it would investigate any “credible allegations of misuse” of its technology.
The company said it never picks or identifies targets of its technology, “which is solely operated by intelligence and law enforcement agencies”.
“NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual (the UK lawyer),” it said.
A WhatsApp spokesman said the attack was sophisticated and had all the hallmarks of a “private company working with governments on surveillance.”