UAE Banking Customers Warned of WhatsApp Zero-Day Exploit Targeting Smartphones
A critical WhatsApp security flaw has emerged in the UAE, enabling cybercriminals to hijack smartphones via a single voice call without requiring any user interaction. Emirates NBD issued an urgent advisory after reports revealed the attack exploits an undisclosed zero-day vulnerability, a software weakness unknown to developers until it is actively abused. This gives attackers a significant advantage before a patch is released.
The breach leverages WhatsApp’s calling feature, allowing hackers to silently infiltrate devices and access private data, including photos, messages, and financial information. Victims may remain unaware of the compromise, as the attack does not trigger visible alerts or require engagement.
Cybersecurity officials in the UAE, citing sources from Gulf News, warn that the timing of the attack is deliberate. The holiday season’s surge in calls and messages creates an ideal cover for malicious activity, as users are less likely to scrutinize unfamiliar contacts.
Emirates NBD emphasized that banks will never request sensitive details, such as OTPs or PINs, via calls or messages. The institution has urged users to update WhatsApp and their operating systems, enable two-step verification, and silence calls from unknown numbers to mitigate risks. Additional precautions include verifying links for suspicious domains (e.g., ".xyz" or ".kom") and using only official banking channels for transactions.
Authorities advise immediate reporting of any suspected breaches to limit potential damage. The incident underscores the growing sophistication of cyber threats targeting mobile platforms during high-activity periods.
Emirates NBD cybersecurity rating report: https://www.rankiteo.com/company/emirates-nbd
"id": "EMI1768217746",
"linkid": "emirates-nbd",
"type": "Vulnerability",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Banking customers across the '
'UAE',
'industry': 'Banking/Financial Services',
'location': 'UAE',
'name': 'Emirates NBD',
'type': 'Bank'}],
'attack_vector': 'Voice call via WhatsApp',
'customer_advisories': 'Emirates NBD reiterated that it will never ask for '
'personal information or authentication codes via '
'calls or messages. Customers are advised to stay '
'vigilant and follow security best practices.',
'data_breach': {'personally_identifiable_information': 'Likely',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Private photos',
'Personal conversations',
'Sensitive financial data']},
'description': 'Banking customers across the UAE are being urged to stay '
"vigilant after reports of a serious WhatsApp 'zero-day' "
'security breach that could allow cybercriminals to take over '
'smartphones through a single voice call. The attack exploits '
'an undisclosed software flaw, enabling hackers to compromise '
'devices without user interaction. Once compromised, attackers '
'may access private photos, personal conversations, and '
'sensitive financial data.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to banks '
'and WhatsApp',
'data_compromised': 'Private photos, personal conversations, '
'sensitive financial data',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Smartphones (WhatsApp users)'},
'initial_access_broker': {'entry_point': 'WhatsApp voice call'},
'lessons_learned': 'Zero-day vulnerabilities pose significant risks, '
'especially during high-activity periods like holidays. '
'Proactive security measures (e.g., updates, two-step '
'verification) are critical to mitigating such threats.',
'motivation': 'Financial gain, data theft',
'post_incident_analysis': {'corrective_actions': 'Encouraging users to update '
'apps, enable two-step '
'verification, and mute '
'unknown calls',
'root_causes': 'Undisclosed zero-day vulnerability '
"in WhatsApp's calling feature"},
'recommendations': ['Keep apps and software updated',
'Enable WhatsApp two-step verification',
'Silence calls from unknown numbers',
'Use only official banking channels',
'Examine links carefully',
'Report suspicious activity immediately'],
'references': [{'source': 'Gulf News'}],
'response': {'communication_strategy': 'Urgent advisory to customers via '
'official channels',
'containment_measures': 'Advisory issued to customers, '
'recommendations for security updates '
'and two-step verification',
'remediation_measures': 'Encouraging app and OS updates, '
'enabling two-step verification, muting '
'unknown calls'},
'stakeholder_advisories': 'Emirates NBD issued an urgent advisory to '
'customers warning of the threat and providing '
'protective measures.',
'title': 'WhatsApp Zero-Day Security Breach Targeting UAE Banking Customers',
'type': 'Zero-Day Exploit',
'vulnerability_exploited': 'Undisclosed zero-day vulnerability in WhatsApp '
'calling feature'}