Hackers have installed surveillance software on mobile phones using Pegasus, exploiting a vulnerability in WhatsApp.
The first thing you need to do is ensure that you have updated Whatsapp on your device. The latest version addresses the vulnerability.
How did they do it? The attackers used WhatsApp voice calls. They rang a phone. It didn't matter whether the call was answered or not.
Technically speaking, a buffer overflow vulnerability in the WhatsApp VOIP stack allowed remote code execution via a specially crafted series of SRTCP packets sent to a target phone number.
The hackers used Pegasus. No, not that Pegasus. Pegasus the flagship software of the NSO Group, an Israeli company that has previously been called a "cyber-arms dealer". It can be used to collect data from a target device, including through the microphone and camera, and GPS location data.
The company said that its software was licensed to authorised government agencies for the sole purpose of fighting crime and terror. They went on to say that NSO had no involvement in operating or identifying targets of its technology. Like so many arms dealers, they make weapons but only sell them to the good guys. So it's fine.