Sophisticated spyware poses a severe risk to smartphone users, enabling attackers to monitor virtually everything on a device—including encrypted communications in apps like WhatsApp and Signal. While these attacks primarily target journalists, activists, politicians, and high-profile individuals, recent developments suggest the threat is expanding.
Notable cases include infections via NSO Group’s Pegasus spyware affecting figures like Jeff Bezos and the wife of Jamal Khashoggi. In December 2025, Google exposed an exploit chain for Predator spyware, coinciding with a U.S. Cybersecurity and Infrastructure Security Agency (CISA) warning about commercial surveillance tools targeting messaging apps.
The Nature of Modern Spyware Attacks
Many infections occur through “zero-click” exploits, requiring no user action—no tapping links or opening files. Once installed, spyware can capture screenshots, record audio/video, track keystrokes, access notifications, steal credentials, and even impersonate the user to log into cloud accounts. Delivery methods include malicious links, disguised apps, tainted image files, and browser vulnerabilities. Recent incidents highlight browser extensions being hijacked for surveillance on a large scale.
A Growing Global Concern
Commercial spyware, often sold to governments under the guise of combating crime or terrorism, has been misused to suppress dissent. Human rights groups document cases where activists face repeated targeting, forcing some to abandon their work out of fear. The problem now extends beyond traditional victims to government officials and IT professionals, who are targeted for credential theft.
Warning Signs of Infection
Advanced spyware like Pegasus or Predator is stealthy and difficult to detect without expert forensics. Potential red flags include unexplained battery drain, overheating, sluggish performance, unexpected camera/microphone activation, or sudden changes in connectivity. Official threat notifications from Apple, Google, or Meta should be taken seriously. Leaked personal information or compromised contacts can also indicate a breach.
Steps to Protect Your Device
Prevention is the most effective defense:
- Keep everything updated: Install OS and app patches promptly, as they often fix vulnerabilities exploited by spyware.
- Exercise caution: Avoid clicking unknown links, sideloading apps (especially on Android), or accepting suspicious follower requests.
- Use secure tools: Employ a reputable VPN for privacy, and access sensitive sites via Tor Browser when needed.
- Restart regularly: Periodic reboots can disrupt some spyware persistence.
- For high-risk users on iPhone: Activate Lockdown Mode (Settings > Privacy & Security > Lockdown Mode > Turn On). This restricts features like message attachments and unknown FaceTime calls but significantly hardens security. Apple’s latest devices also benefit from Memory Integrity Enforcement, a robust protection against memory-based exploits.
- For Android users: Enable Advanced Protection (Settings > Security & Privacy > Other Settings > Advanced Protection), which includes intrusion detection and USB safeguards and blocks reconnection to risky networks in newer versions.
If you suspect infection, consider replacing the device, as full removal is challenging. Organizations like Access Now and Reporters Without Borders offer support for targeted individuals. While paranoia isn’t helpful, vigilance—combined with these built-in protections—can substantially reduce risks in an evolving threat landscape.
Original article published by WIRED (January 3, 2026).

