ALL POSTS

Key Findings Meta announced new Strict Account Settings on WhatsApp to enhance the security of high-risk users from advanced, targeted cyber attacks. Strict Account Settings is a lockdown-style security feature that applies the most restrictive privacy settings, limits how the app works, and blocks attachments or media from people not in your contacts. Meta is adopting the Rust programming language in WhatsApp's media sharing features to better protect photos, videos, and mes

Key Findings The Astaroth banking Trojan is spreading in Brazil through a WhatsApp worm that automatically sends malicious messages to victims' contacts. The malware uses a Python-based propagation module to harvest the victim's WhatsApp contacts and automatically forward infected ZIP files, enabling self-spreading capabilities. A separate banking module operates silently in the background, monitoring the victim's browsing activity and stealing credentials when banking-relate

Key Findings An NPM package named 'Lotusbail' with over 56,000 downloads has been stealing WhatsApp credentials and data The package is a fork of the legitimate 'Baileys' WhatsApp Web API library, making it hard to detect It intercepts and exfiltrates user credentials, messages, contacts, and media, encrypting the data with custom RSA before sending it to the attacker The malware also hijacks the WhatsApp device pairing process, secretly linking the attacker's device to the v

Key Findings: A malicious npm package named "lotusbail" has been discovered that poses as a functional WhatsApp API, but actually steals users' messages, contacts, and login tokens. The package has been downloaded over 56,000 times since it was first uploaded in May 2025. The package is designed to capture authentication tokens, session keys, message history, contact lists, media files, and documents, and transmit the stolen data to an attacker-controlled server. The package

Key Findings CISA has issued an alert warning of threat actors actively using commercial spyware and remote access trojans (RATs) to target users of mobile messaging apps like Signal and WhatsApp. The attackers employ sophisticated social engineering and targeting techniques to deliver spyware and gain unauthorized access to victims' messaging apps, enabling further device compromise. The targeting appears opportunistic but often focuses on high-value individuals such as gove

Key Findings Sturnus is a new Android banking trojan with full device-takeover capabilities It targets secure messaging apps like WhatsApp, Telegram, and Signal to bypass encryption and steal sensitive data Sturnus employs sophisticated techniques like HTML overlays and accessibility-based keylogging to capture on-screen content, including messages, contacts, and credentials The malware enables remote control of infected devices through screen mirroring and a structured UI ma

Key Findings Researchers discovered a previously unknown Android spyware family dubbed LANDFALL, which leveraged a zero-day vulnerability (CVE-2025-21042) in Samsung's image processing library to compromise Galaxy devices. The campaign, active since mid-2024, appears to have targeted users in the Middle East, with the spyware embedded inside malicious DNG image files sent through WhatsApp. The exploit relies on malformed DNG (Digital Negative) image files, exploiting a flaw i

Key Findings: A new commercial-grade spyware called "Landfall" has been targeting Samsung Galaxy phones in the Middle East since at least mid-2024. Landfall exploited a previously unknown, unpatched vulnerability (zero-day) in Samsung's Android image processing library, tracked as CVE-2025-21042. The spyware was delivered through malicious DNG image files sent via WhatsApp, with no user interaction required (zero-click). Landfall has extensive surveillance capabilities, inclu