CISA alert draws attention to spyware\u2019s targeting of messaging apps | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"CISA alert draws attention to spyware\u2019s targeting of messaging apps\"> <meta property=\"og:description\" content=\"The agency\u2019s brief notice also directed messaging app users to advice on how to protect themselves.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-11-24T20:18:58+00:00\"> <meta property=\"article:modified_time\" content=\"2025-11-24T20:19:02+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1281\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1763493151g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1763502595g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1763439630g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86939\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86939\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86939 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.677919708029\">\n<div class=\"single-article__header-content\" readability=\"34.323287671233\">\n<p> The agency\u2019s brief notice also directed messaging app users to advice on how to protect themselves. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86939\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg?resize=1536,1025 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> In this photo illustration, social media and messaging apps are seen on a mobile phone screen on Nov. 11, 2025 in Istanbul, Turkey. (Photo Illustration by Chris McGrath\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"20.582914572864\"><body readability=\"42.736104156234\"><\/p>\n<p>The Cybersecurity and Infrastructure Security Agency warned Monday about threat groups using commercial spyware to target messaging apps, and urged users to take protective steps.<\/p>\n<p>\u201cCISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps),\u201d the agency said in a <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/11\/24\/spyware-allows-cyber-threat-actors-target-users-messaging-applications\">brief online notice<\/a>. \u201cThese cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim\u2019s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim\u2019s mobile device.\u201d<\/p>\n<p>The warning draws on research this year that calls attention to hackers who are <a href=\"https:\/\/cyberscoop.com\/russian-spyware-clayrat-is-spreading-evolving-quickly-according-to-zimperium\/\">mimicking popular apps<\/a> to deploy Android spyware, as well as Android spyware <a href=\"https:\/\/cyberscoop.com\/landfall-spyware-samsung-phones-palo-alto-networks-unit-42\/\">targeting Samsung devices<\/a> by sending image files over WhatsApp. The warning also piggybacks on research about Russian hackers <a href=\"https:\/\/cyberscoop.com\/russia-threat-groups-target-ukraine-signal\/\">infecting Signal accounts<\/a>.<\/p>\n<p>\u201cWhile current targeting remains opportunistic, evidence suggests these cyber actors focus on high-value individuals, such as current and former high-ranking government, military, and political officials, as well as civil society organizations (CSOs) and individuals across the United States, Middle East, and Europe,\u201d the CISA warning states.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>It\u2019s rare, but not unheard of, for CISA to warn about spyware threats. <a href=\"https:\/\/www.cisa.gov\/news-events\/news\/recognizing-and-avoiding-spyware\">One alert<\/a> dates back to 2009 from a predecessor to CISA. It has released <a href=\"https:\/\/www.cisa.gov\/resources-tools\/training\/follow-cybersecurity-best-practices-protect-yourself-tracking-technologies-and-spyware\">cybersecurity advice<\/a> for dealing with spyware, and placed vulnerabilities that spyware vendors have exploited on its so-called <a href=\"https:\/\/cyberscoop.com\/cisa-kev-catalog-must-patch-list\/\">\u201cmust-patch\u201d list<\/a> for federal agencies, including <a href=\"http:\/\/cisa.gov\/news-events\/alerts\/2025\/11\/10\/cisa-adds-one-known-exploited-vulnerability-catalog\">the recent Samsung vulnerability<\/a>.<\/p>\n<p>This time, CISA directed users to <a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/mobile-communications-best-practice-guidance\">mobile security guidelines<\/a> and advice for <a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/mitigating-cyber-threats-limited-resources-guidance-civil-society\">civil society groups<\/a>. <\/p>\n<p>Beyond the warnings about targeting messaging apps, CISA also said threat groups are using malicious QR codes and zero-click exploits, which infect users even if they don\u2019t take any direct action themselves.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/11\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA alert draws attention to spyware\u2019s targeting of messaging apps<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2491,452,302,117,268,270,3415,3365,482,2294],"tags":[2493,454,306,119,274,276,3417,3369,484,2303],"class_list":["post-8130","post","type-post","status-publish","format-standard","hentry","category-android","category-cybersecurity-and-infrastructure-security-agency-cisa","category-geopolitics","category-government","category-privacy","category-russia","category-samsung","category-signal","category-spyware","category-whatsapp","tag-android","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-geopolitics","tag-government","tag-privacy","tag-russia","tag-samsung","tag-signal","tag-spyware","tag-whatsapp"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/android\/\" rel=\"category tag\">Android<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/privacy\/\" rel=\"category tag\">Privacy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/samsung\/\" rel=\"category tag\">Samsung<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/signal\/\" rel=\"category tag\">signal<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/spyware\/\" rel=\"category tag\">spyware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/whatsapp\/\" rel=\"category tag\">WhatsApp<\/a>","tag_info":"WhatsApp","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8130"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8130\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8130,"date":"2025-11-24T14:18:58","date_gmt":"2025-11-24T20:18:58","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86939"},"modified":"2025-11-24T14:18:58","modified_gmt":"2025-11-24T20:18:58","slug":"cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/11\/24\/cisa-alert-draws-attention-to-spywares-targeting-of-messaging-apps\/","title":{"rendered":"CISA alert draws attention to spyware\u2019s targeting of messaging apps"},"content":{"rendered":"