© 2026 CoolTechZone - Latest tech news,
product reviews, and analyses.

CISA is warning about spyware attacks targeting users of messaging applications


The Cybersecurity & Infrastructure Security Agency (CISA), the national cybersecurity agency of the United States, is warning users of messaging applications about attacks involving commercial spyware.

According to CISA, threat actors are actively deploying spyware against users of chat applications to gain access to a victim’s messaging app.

Furthermore, the spyware enables them to deploy additional malicious payloads to further compromise the victim’s mobile device.

Threat actors use a variety of tactics to infect mobile devices, including phishing, device-linking QR codes, zero-click exploits, and impersonating popular messaging platforms such as Signal and WhatsApp.

“While current targeting remains opportunistic, evidence suggests these cyber actors focus on high-value individuals, such as current and former high-ranking government, military, and political officials, as well as civil society organizations (CSOs) and individuals across the United States, Middle East, and Europe,” CISA says in a Cybersecurity Advisory.

Users of chat applications are advised to follow CISA’s updated “Mobile Communications Best Practice Guidance” and “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society” for steps to protect mobile communications and messaging apps, as well as mitigations against spyware.

These documents suggest that iPhone users should enable Lockdown Mode and use Apple iCloud Private Relay. Lockdown Mode offers an extreme, optional level of security for the very few users who may be personally targeted by some of the most sophisticated digital threats.

Private Relay is a VPN service that encrypts your internet traffic by sending it through two servers. Apple maintains the first server and removes the IP address from the web traffic. Apple assigns an anonymous IP address and forwards the internet traffic to a second server. A third party maintains this server and assigns a temporary IP address to the internet traffic. Finally, it sends users to the website they want to visit.

CISA recommends that Android users enable Android Private DNS, which allows them to use a secure DNS provider instead of the default one from their internet service provider, enhancing their privacy.

Lastly, CISA advises against using SMS and recommends that users limit the permissions of their apps.