UAE Bank Warns of WhatsApp Zero-Day Exploit Targeting Smartphone Users

News

1. Zoho Launches First Middle East Data Centers in UAE
2. Apple Bets on Google’s Gemini to Anchor Its AI Future
3. UAE Bank Warns of WhatsApp Zero-Day Exploit Targeting Smartphone Users
4. Mastercard Move Powers botim money’s Expansion into 150+ Remittance Corridors
5. In the UAE, Business Leaders View Uncertainty as an Opportunity, IBM Report Finds
6. 17.5 Mn Instagram Accounts Compromised In Massive Data Leak: Report

Banking customers across the UAE have been advised to remain vigilant following reports of a WhatsApp zero-day security breach that could enable cybercriminals to take control of smartphones through a single voice call.

Emirates NBD, Dubai’s government-owned bank, has issued an urgent customer advisory warning that attackers may be able to compromise devices without users answering or interacting with the call in any way. The bank stressed that the threat is particularly dangerous because it bypasses traditional red flags such as suspicious links, messages, or requests for personal details.

Unlike common phishing scams, the reported attack exploits what cybersecurity experts refer to as a “zero-day vulnerability”—a previously unknown software flaw that developers have not yet had time to fix. Since no security patch exists at the time of exploitation, hackers gain a critical advantage, often operating undetected until the vulnerability is publicly disclosed and addressed.

According to UAE cybersecurity officials quoted by Gulf News, attackers are allegedly using WhatsApp’s calling feature as the entry point.

Once a device is compromised, criminals could gain access to private photos, personal conversations, contact lists, and sensitive financial information. The most concerning aspect of the exploit is that victims may not notice any immediate signs of intrusion, as the attack does not require user consent or action.

Emirates NBD reiterated that it will never request personal information, one-time passwords (OTPs), or authentication codes via phone calls or messaging platforms. Customers are advised to treat any unexpected or unusual communication as suspicious.

Cybersecurity experts believe the timing of the attack may be deliberate. During holiday periods, users typically receive a higher volume of greeting messages, international calls, and travel-related communications. This increase in digital noise allows malicious calls to blend in more easily, reducing suspicion and increasing the likelihood of a successful attack.

To reduce risk, Emirates NBD has outlined several precautionary measures. Customers are advised to keep their phones and apps—particularly WhatsApp—updated with the latest versions, which often include critical security patches. Enabling WhatsApp’s two-step verification feature adds an extra layer of protection by requiring a PIN for account access.

Users are also encouraged to silence calls from unknown numbers, conduct all financial transactions only through official banking apps or websites, and avoid clicking on suspicious links with unfamiliar domain extensions. Any suspected compromise should be reported immediately to the bank and the relevant authorities to limit potential damage.

As cyber threats become increasingly sophisticated, banks and regulators across the UAE continue to emphasize that vigilance remains the strongest defense.