Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: spyware (2 articles)Clear

Meta disrupts new NSO spyware phishing aimed at WhatsApp users

Meta says it caught and shut down fresh spear-phishing attempts linked to Israeli spyware maker NSO Group that tried to lure WhatsApp users into clicking malicious links leading to sites outside the app, mirroring the one-click attacks NSO has used to plant its Pegasus spyware. Meta also found and removed NSO-created test accounts and groups, and published the malicious domains involved. The company is now asking a US federal court to hold NSO in contempt for violating the permanent injunction issued last year barring it from targeting WhatsApp. High-risk users such as journalists, activists, and officials are the usual targets of this kind of mercenary spyware.

Check
Block the NSO-linked phishing domains Meta published at your web and DNS gateways, and review whether high-risk staff received WhatsApp messages pushing links to external sites.
Affected
WhatsApp users targeted by one-click social-engineering links, especially high-risk individuals like journalists, activists, and government officials who are typical mercenary-spyware targets.
Fix
Avoid clicking links in unsolicited WhatsApp messages, enable Lockdown Mode on iOS and Android for high-risk users, keep devices fully updated, and block the published malicious domains.

Android spyware Asin targets Arabic journalists via fake news and map apps

Security firm ESET has detailed a new Android spyware it calls Asin that targets Arabic-speaking users, likely journalists and open-source investigators. Victims are lured to convincing fake websites posing as a government news service, a secure PDF reader, and live war-map tools, some promoted through Facebook and Telegram pages. The sites offer apps such as GovLens, WarMap, and Syria Defense Map that work as advertised but hide spyware underneath. Because the apps come from outside official stores, victims must manually install them and grant permissions. ESET has not tied the campaign to a known group, and its exact goals remain unclear.

Check
Review managed Android devices for sideloaded apps named GovLens, WarMap, or Syria Defense Map, and check DNS and proxy logs for the known Asin distribution domains.
Affected
Android users in Arabic-speaking regions, especially journalists and OSINT researchers, who sideloaded apps from govlens[.]net, pdf-reader[.]help, live-war-map[.]com, or syriadefensemap[.]com.
Fix
Remove the malicious apps, block the listed domains at your DNS or proxy, disable installation from unknown sources, and run a mobile security scan on affected phones.