WhatsApp says a vulnerability in the popular communications app allows sophisticated spyware to infect mobile phones with a missed call alone in the app.
The Facebook subsidiary says “an advanced cyber actor” was infected with the malware by an unknown number of people, which it says discovered early May. A spokesman for WhatsApp who would not be further identified said that at least a quantity in the dozens would not be inaccurate.
WhatsApp said the attack had all the characteristics of a private company known to work to infect phones with governments.
The Financial Times identified the company Monday as Israel’s NSO Group, which is known to have used Pegasus software against rights activists.
WhatsApp said it was contacting human rights groups, fixing the issue quickly and pushing out a patch.