In the beginning of May, WhatsApp discovered that the service was used to install a sophisticated surveillance malware on an unknown number of smartphones. The hackers used the security flaw in WhatsApp’s voice calling function that enabled them to run ‘a remote code execution via specially crafted series of secure real-time transport protocol (SRTCP) packets sent to a target phone number’. The infection by the malicious code would happen even if the call had not been answered. The vulnerability enabled hackers to read messages on the target's device with interception tools bypassing the end-to-end encryption used in WhatsApp.
The scale of infected devices is unknown yet, but researchers claim the attack targeted a small number of human rights activists. The surveillance software was attributed by the Financial Times to the Israeli NSO Group, famous for its Pegasus program used by some governments to intercept the communications of human rights activists. However, the NSO Group denied its involvement in the attack. WhatsApp encouraged people to upgrade to the latest version of the app on Android, iOS, and Windows phone devices.