Emirates NBD has issued a public warning after detecting a dangerous “zero-day” cyberattack exploiting WhatsApp voice calls, allowing hackers to compromise smartphones through a single incoming call.
In an advisory to customers, the bank said cybercriminals are taking advantage of an undisclosed software vulnerability that can grant unauthorized access to a device—sometimes without the user answering or interacting with the call. Once breached, attackers may gain access to private photos, chats, and sensitive financial information.
Security experts noted that the timing of the attack is particularly concerning, as the surge in holiday greetings, travel updates, and unknown calls creates ideal cover for malicious activity.
A “zero-day” threat refers to a security flaw unknown to developers until it is actively exploited. In this case, hackers are using WhatsApp’s calling feature as an entry point. The UAE Cybersecurity Council warned that such attacks can silently harvest personal and banking data.
To stay protected, Emirates NBD urged users to immediately update WhatsApp and their phone’s operating system, enable two-step verification, silence calls from unknown numbers, avoid clicking suspicious links, and never share OTPs or banking credentials. Customers were also advised to report any unusual activity to the bank without delay.
The bank reiterated that it will never request sensitive information through calls or messages and encouraged the public to remain vigilant under its “United Against Fraud” campaign.
