UAE Banking Customers Warned of WhatsApp Zero-Day Exploit Targeting Smartphones A critical WhatsApp security flaw has emerged in the UAE, enabling cybercriminals to hijack smartphones via a single voice call without requiring any user interaction. Emirates NBD issued an urgent advisory after reports revealed the attack exploits an undisclosed zero-day vulnerability, a software weakness unknown to developers until it is actively abused. This gives attackers a significant advantage before a patch is released. The breach leverages WhatsApp’s calling feature, allowing hackers to silently infiltrate devices and access private data, including photos, messages, and financial information. Victims may remain unaware of the compromise, as the attack does not trigger visible alerts or require engagement. Cybersecurity officials in the UAE, citing sources from Gulf News, warn that the timing of the attack is deliberate. The holiday season’s surge in calls and messages creates an ideal cover for malicious activity, as users are less likely to scrutinize unfamiliar contacts. Emirates NBD emphasized that banks will never request sensitive details, such as OTPs or PINs, via calls or messages. The institution has urged users to update WhatsApp and their operating systems, enable two-step verification, and silence calls from unknown numbers to mitigate risks. Additional precautions include verifying links for suspicious domains (e.g., ".xyz" or ".kom") and using only official banking channels for transactions. Authorities advise immediate reporting of any suspected breaches to limit potential damage. The incident underscores the growing sophistication of cyber threats targeting mobile platforms during high-activity periods.