CISA warns of attacks on messenger users
The US cybersecurity agency CISA warns of attacks on users of messengers like Signal or WhatsApp.
(Image: Henk Vrieselaar/Shutterstock.com)
The US cybersecurity agency CISA has issued a warning for Messenger users. According to the agency, they are being targeted by several cyber gangs who want to trick them into installing commercial spyware.
The perpetrators use advanced victim selection and social engineering techniques to infiltrate spyware and gain unauthorized access to victims' Messenger apps, explains the CISA in its alert. Victims' mobile devices could be further compromised by the installation of additional malicious software.
The attackers rely on phishing and malicious QR codes to link devices and compromise victims' accounts, connecting them to devices that are under their control. They also exploit zero-click vulnerabilities to gain unauthorized access without any user interaction. -- At the end of August, a similar vulnerability in WhatsApp that had already been attacked became known. Further threat scenarios include fake messenger app platforms: websites that imitate those of services like Telegram or Signal or other popular services and distribute malicious spyware like Clayrat there.
Victim selection: high-profile individuals
CISA further explains that targets are selected opportunistically. However, there are indications that cyber attackers are focusing on high-profile individuals, such as current or former high-ranking government, military, and political officials and employees, as well as those from civil society organizations and individuals from the United States, the Middle East, and Europe. CISA therefore recommends following the guidance on best practices in mobile communication.
Videos by heise
In the PDF document, the agency provides tips such as the recommendation to only use end-to-end encrypted communication, as provided by Signal or comparable apps. This should be available for all platforms used. Messenger users should remain vigilant and not fall for social engineering tactics where attackers claim the account has been compromised and then grant them access. CISA further recommends authentication with FIDO, ideally with hardware dongles, to be better protected against phishing. In any case, multi-factor authentication (MFA) via SMS should be avoided. The document provides these and other tips, as well as specializations for Android and iOS, for interested parties.
(dmk)
