A zero-day vulnerability was exploited by attackers. The surveillance software would have let an attacker read the messages on the target’s device.The malware is giving them access to information including location data and private messages. It was said the spyware was developed by Israel’s NSO Group whose Pegasus software is known to have targeted human-rights activists but the firm denied any involvement. Journalists, lawyers, activists and human rights defenders” are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.
The messaging platform previously declared itself as a secure end-to-end encryption app for communications. Security specialists described the malware described the flaw as: “a buffer overflow vulnerability in WhatsApp VOIP [voice over internet protocol] stack allowed remote code execution via specially crafted series of SRTCP [secure real-time transport protocol] packets sent to a target phone number.” In fact, it was an old method of attack. The flaw now was patched. WhatsApp users are being urged to update the app immediately after it was hacked.