How to protect your smartphone against new spyware that decrypts WhatsApp and other messages

The online conversations we have with our iPhones and Android smartphones on WhatsApp, Instagram, TikTok, Telegram, and Facebook Messenger are now under a major threat.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert that multiple cyber threat actors are actively leveraging commercial spyware to target users of mobile messaging applications worldwide. 

This was revealed in a recent report by Forbes. The report stated that the spyware is currently in a development or limited testing phase. However, it still provides hackers with the ability to gain full device control and harvest banking credentials by bypassing encrypted messaging.

“The good news is that this has not been broken; the attackers have not found a way to read your encrypted messages. What they have done, however, is put together a complex technical process that, ultimately, does something very simple indeed: it reads your messages after you’ve decrypted them and they are displayed on the smartphone screen,” the report said.

Unfortunately, this isn’t a “foreign problem” affecting only people in the US and UK. The wave of attacks now affects devices in Nigeria. This is because these tools are designed to operate globally and remotely. They can target a device in Lagos as easily as one in London or New York, making geography irrelevant to the attack’s technical success.

However, the Nigerian smartphone market is dominated by imported devices, primarily sourced from countries such as China and the U.S. This means that the security, or lack thereof, on these imported platforms makes Nigerian users direct targets for the same global cyber threats.

While these attacks were initially thought to target “high-value individuals” like politicians and journalists in the West region, the widespread nature of the spyware means regular users in are now being compromised.

Read also: Funds recovered from cybercriminals used to finance student loans and other schemes – Shettima

For iPhone users like Emmanuel, a Lagos-based iPhone 11 Pro Max user who experienced the attack, he said: 

“For two weeks now, I’ve been noticing that someone has been trying to hack into most of the accounts I manage on my iPhone. This morning, I noticed that the person was trying to hack the TikTok account. So I had to check whether two-factor authentication was still turned on, and I realised it was off on all my social media platforms. Immediately, I reactivated them.” 

For Android users like Blessing, who uses a Tecno smartphone here in Lagos, Nigeria, the attack was more focused on her WhatsApp communities. She noticed someone was trying to hack into the WhatsApp group chats she manages, indicating an attempt to steal information or spread disinformation within her network.

Here are the step-by-step instructions to secure your smartphone, with guides for both iPhone and Android, from a spyware attack according to America’s Cyber Defence Agency.

Read also: Kenyan authorities contain cyberattack that hit multiple government websites

Protections for iPhone users

• Enable lockdown mode (High-Risk users): If you are an activist, journalist, or manage sensitive corporate accounts, activate Lockdown Mode. While restrictive, it seriously limits the features available for exploitation.
• Audit app permissions: Go to your iPhone settings and review which apps have access to your Location, Camera, and Microphone. Revoke access for any app that does not absolutely need it to function.
• Use iCloud private relay: Enable this feature to help mask your IP address during web browsing, adding an extra layer of privacy to your online activity.
• Disable SMS fallback (iMessage): In your messaging settings, ensure that if iMessage encryption fails, the message doesn’t automatically drop to an insecure SMS text.

Protections for Android users

• Ensure Google Play Protect is ON: This is your primary defence against malicious apps. Ensure this is active on your device to constantly scan and block known threats.
• Restrict App permissions: Like the iPhone advice, audit and limit which apps can access sensitive hardware like your Camera, Microphone, and Contacts. Spyware uses these for surveillance.
• Enable enhanced safe browsing in Chrome: Turn on this feature in your Chrome browser settings for stronger, proactive protection against dangerous sites and downloads.
• Download Apps only from the Play Store: The Sturnus Trojan and other malware are often distributed through fake apps on third-party websites. Never sideload apps or download APKs from outside the official Google Play Store.

Protection for both iOS & Android

Update everything, always: Make sure your phone’s Operating System (OS) and all apps, especially your messaging and social apps, are set to auto-update or are manually patched immediately when an update is available. This is how vulnerabilities are closed.

Stop using SMS for authentication: Multi-Factor Authentication (MFA) is great, but SMS codes can be intercepted. Immediately switch to app-based authenticator tools like Google Authenticator or Microsoft Authenticator for all your social media and email accounts.

Verify linked devices: Go into the settings of WhatsApp and Telegram, specifically checking the “Linked Devices” or “Active Sessions” list. If you see any device you don’t recognise, log it out immediately.

Use a secure password manager: Generate and store long, random, and unique passwords for every platform. This prevents a hack on one account (e.g., Instagram) from compromising all your others (e.g., TikTok).

Read also: Nigeria recorded an average of 6,101 cyberattacks weekly in July 2025