Smartphone and mobile device users could take some do-it-yourself steps to avoid or significantly lower the risk of becoming victims of unwanted intrusions, cybersecurity experts say.

They caution that users who adopt these steps would still likely not be absolutely safe from future intrusions through sophisticated professional spyware but would be safe from most commercially available spyware or malware.

Concerns about snooping have intensified after a sophisticated cyberattack that relied on spyware called Pegasus developed by an Israel-based company called NSO Group and exploited the video-calling system on WhatsApp to send malware to mobile devices.

WhatsApp has launched a legal case against the NSO Group, Open Access Government, a digital publication that covers public policy issues from around the world, reported on Wednesday.

In a legal complaint filed in a US court, WhatsApp has explained “how NSO carried out this attack, including acknowledgement from an NSO employee that our steps to remediate the attack were effective”, the report by Open Access Government said.

Cybersecurity specialist John Snow in a 2017 blog wrote that Pegasus may be used to “spy on every aspect of the target’s life”, but also recommended “simple tips” to stay as safe as possible.

“Update your devices on time, without fail, and pay special attention to security updates, install a good security solution, and don’t fall for phishing (a query intended to extract user’s critical data such as login credentials.) Three or four such do-it-yourself steps could help smartphone or mobile device users guard themselves from most intrusions,” said Mukesh Choudhary, founder and chief executive officer of Cyberops, an Indian cybersecurity company.

The generic way to gain remote access to a device relies on installing a Trojan horse or spyware, Choudhary said. Sometimes such malware comes bound to a known application the user might download without knowing that it will also download the spyware.

“Users should disable ‘unknown sources’ in their android smartphone’s security settings which will cause the phone to pop up an alert whenever it senses an attempt to install an application not available on Google Play Store,” Choudhary said.

Users should also periodically upgrade the operating systems on their phones — and if the phones’ hardware does not support operating system updates, they should just buy new phones, he said.

“Similarly, users should also update installed apps, including WhatsApp,” Choudhary said. Updated versions of software and apps are at times intended to plug loopholes that make them vulnerable to intrusions.