The Cybersecurity and Infrastructure Security Agency warned Monday about threat groups using commercial spyware to target messaging apps, and urged users to take protective steps.

“CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps),” the agency said in abrief online notice. “These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device.”

The warning draws on research this year that calls attention to hackers who aremimicking popular apps to deploy Android spyware, as well as Android spywaretargeting Samsung devices by sending image files over WhatsApp. The warning also piggybacks on research about Russian hackersinfecting Signal accounts.

“While current targeting remains opportunistic, evidence suggests these cyber actors focus on high-value individuals, such as current and former high-ranking government, military, and political officials, as well as civil society organizations (CSOs) and individuals across the United States, Middle East, and Europe,” the CISA warning states.

It’s rare, but not unheard of, for CISA to warn about spyware threats.One alert dates back to 2009 from a predecessor to CISA. It has releasedcybersecurity advice for dealing with spyware, and placed vulnerabilities that spyware vendors have exploited on its so-called“must-patch” list for federal agencies, includingthe recent Samsung vulnerability.

This time, CISA directed users tomobile security guidelines and advice forcivil society groups. 

Beyond the warnings about targeting messaging apps, CISA also said threat groups are using malicious QR codes and zero-click exploits, which infect users even if they don’t take any direct action themselves.