Vulnerability Management, Malware, Application security

WhatsApp zero-day exploited by NSO Group post lawsuit

Whatsapp BEC scam arrest

CyberScoop reports that Israel spyware maker NSO Group has been undeterred from developing new malware based on WhatsApp exploits following a lawsuit from the Meta-owned instant messaging and voice-over-IP service alleging its federal and state hacking law violations.

While WhatsApp proceeded to disable the "Eden" exploit leveraged by NSO Group, the Israeli firm proceeded to create the "Erised" vector to target the app's users until May 2020, noted a court filing from Meta, which also noted that NSO Group, and not its customers, was primarily behind the spyware attacks. "The evidence unveiled [Thursday] shows exactly how NSO's operations violated U.S. law and launched their cyberattacks against journalists, human rights activists and civil society. We are going to continue working to hold NSO accountable and protect our users," said a WhatsApp spokesperson. Meanwhile, Meta's claims have been repudiated by NSO Group, which has emphasized not having access to data obtained by its surveillance tool.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds