What happened
Security researchers have uncovered a new malware strain dubbed Maverick that targets WhatsApp users by posing as a legitimate app update. Once installed, it hijacks user sessions, steals authentication tokens, and gains access to personal chats and contacts.
Who is affected
The campaign primarily affects Android users who download fake WhatsApp updates from unofficial app stores or phishing links. Businesses using WhatsApp for customer communication or authentication are also at risk of data exposure.
Why CISOs should care
The Maverick malware highlights growing threats targeting widely used communication platforms. Attackers are exploiting trust in mobile apps to bypass multi-factor authentication and infiltrate enterprise networks through compromised personal devices. This underlines the importance of enforcing mobile application security and employee awareness.
3 practical actions
- Advise users to install apps and updates only from official sources such as Google Play or Apple’s App Store.
- Implement mobile device management (MDM) to restrict app installations and monitor suspicious activity.
- Educate employees on phishing and fake update campaigns to prevent credential theft and account compromise.