A fresh cybersecurity alert has raised concerns for smartphone users across the country, with experts warning that a “zero-day” vulnerability in WhatsApp’s voice call feature could allow hackers to compromise mobile devices through a single call. The most alarming aspect of the attack, specialists say, is that users may not need to answer the call or click on any link for the breach to occur.
Cybersecurity analysts explain that the attack exploits an unknown technical flaw in the platform—commonly referred to as a zero-day vulnerability—which remains undiscovered by the software developer until it is actively exploited. Once a device is compromised, attackers may gain access to personal photographs, private conversations, contact lists, and sensitive financial information, significantly increasing the risk of identity theft and digital fraud.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Higher risk during festive and travel seasons
Researchers tracking cybercrime trends note that such attacks often intensify during periods of heightened online activity. Festive seasons, year-end holidays and travel periods typically see a surge in calls and messages from unfamiliar numbers, making it easier for malicious activity to blend into normal digital behaviour.
According to researchers at the Future Crime Research Foundation (FCRF), the threat is far more dangerous than conventional phishing scams. Unlike fraud attempts that rely on user interaction, this method can operate without any direct action from the victim, making detection and prevention significantly more difficult. Even a missed or incoming WhatsApp voice call can, in certain scenarios, be enough to trigger the exploit.
Understanding a zero-day threat
A zero-day vulnerability refers to a security flaw for which no official fix or patch is available at the time of exploitation. In this case, attackers are reportedly using WhatsApp’s calling mechanism as the entry point to inject malicious code into targeted devices.
Cybersecurity professionals warn that the objective of such attacks often goes beyond data theft. Gaining control over a smartphone can allow criminals to take over digital identities, access banking and payment applications, intercept communications, and carry out financial fraud over an extended period without the user’s immediate knowledge.
Expert warning
Former IPS officer and renowned cybercrime expert Professor Triveni Singh has cautioned that zero-day attacks represent one of the most serious threats faced by everyday users.
“These attacks are particularly dangerous because victims often have no indication that their device has been compromised,” he said. “Once control is established, cybercriminals can quietly access banking apps, emails and social media accounts, causing financial and reputational damage before the breach is detected.”
Experts note that such attacks underscore the growing sophistication of cybercrime, where technical vulnerabilities are exploited faster than platforms can respond.
Key steps to secure your device
Cybersecurity specialists recommend that users adopt a set of basic but critical precautions to reduce exposure to such threats:
- Keep WhatsApp and the mobile operating system updated to the latest version at all times.
- Enable two-step verification on WhatsApp to add an additional layer of account protection.
- Use privacy settings to silence or block calls from unknown numbers.
- Avoid clicking on suspicious links, attachments or festive greeting messages from unfamiliar sources.
- Conduct banking and payment-related activities only through official applications.
- Report any unusual device behaviour or suspected compromise to relevant cyber helplines or authorities immediately.
Vigilance remains the strongest defence
Cyber experts stress that as digital platforms evolve, cybercriminal methods are becoming increasingly advanced and covert. In the absence of immediate technical fixes for zero-day vulnerabilities, user awareness and timely action remain the most effective safeguards.
Security professionals advise that any call, message or activity that appears out of the ordinary should not be ignored. In today’s digital landscape, heightened vigilance, regular updates and informed usage are essential to staying protected against emerging cyber threats.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
