On November 24, 2025, the Cybersecurity & Infrastructure Security Agency (CISA) issued an alert titled “Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications,” which outlines how “multiple cyber threat actors” are “leveraging commercial spyware to target users of mobile messaging applications.”
The threat actors “use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device.”
According to the alert, the threat actors use tactics including:
- Phishing and malicious device-linking QR codes to compromise victim accounts and link them to actor-controlled devices;
- Zero-click exploits, which do not require direct action from the device user; and
- Impersonation of messaging app platforms, such as Signal and WhatsApp.
The threat actors target “high-value individuals, such as current and former high-ranking government, military and political officials, as well as civil society organizations (CSOs) and individuals across the United States, Middle East and Europe.” CISA “strongly encourages messaging app users to review” its updated Mobile Communications Best Practice Guide and Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society.