Fake WhatsApp app may have been built to spy on iPhone users - what you need to know

Graham CLULEY

February 05, 2021

  • Fake WhatsApp appears to have been used in targeted attacks
  • Users reminded to always be wary of where they install apps from

What’s happened?
A fake version of the WhatsApp messaging app is suspected of being created by an Italian spyware company to snoop upon individuals and steal sensitive data.

Who is behind the fake WhatsApp?
The bogus app, uncovered by cybersecurity researchers at Citizen Lab and journalists at Motherboard, appears to be linked to an Italian firm called Cy4gate which develops “lawful interception” technology.

“Lawful interception?” Do you mean spyware?
Yes, it’s spyware – but spyware that is created by firms to sell to law enforcement bodies, intelligence agencies, and governments.

How do we know this type of spyware might not be abused? Can the people who buy spyware from Cy4gate be trusted?
Good question.

And the answer is?
Your guess is as good as mine.

So, what does the fake WhatsApp actually do?
Information that hackers could gather from an iPhone running the app includes (but is not limited to) the device’s unique identifier (known as a UDID, and assigned by Apple) as well as its unique IMEI.

How would that information be useful?
Well, it might help point an intelligence agency in a particular direction, towards a specific individual.

But does the fake WhatsApp app steal any more data from iPhones?
The researchers at Citizen Lab were not able to gather details on what other data an attacker might be able to steal from a targeted iPhone running the fake version of WhatsApp.

However, it’s hard to imagine that having installed a fake version of WhatsApp onto a target’s phone they wouldn’t at least try to do a lot more, such as spy upon messages they might be sending and receiving as well.

How would a fake WhatsApp app make its way onto an iPhone anyway? Has the version in the iOS App Store been compromised?
Generally Apple does a pretty good job of policing what gets into its official app store, and keeping out bogus software. However, many iPhone users are probably unaware that it is possible to install software onto an iPhone via a different route.

In the case of the bogus WhatsApp software, social engineering tricks are used to dupe users into installing configuration files (known as MDM or Mobile Device Management profiles) onto their phones, and these can install unauthorised malicious code onto a device.

Citizen Lab shared a screenshot of a phishing page which appeared to be linked to the attack, directing users to download the bogus version of WhatsApp and follow the instructions to install the configuration file.

Why on earth does Apple allow people to install software this way? It sounds unsafe!
The technology was put in place to help corporations install bespoke software that wasn’t appropriate for the public App Store onto employees’ devices – but for some time there have been attempts to use it to install spyware.

Should I be worried? I use WhatsApp all the time
Probably not. This is likely to have been a highly targeted attack. Whoever was behind the fake WhatsApp is likely to have built it with a very specific purpose in mind, not with the intention of infecting as many iPhone users as possible.

Nonetheless, it’s a useful reminder that if you want to run the legitimate version of WhatsApp, the most sensible thing to do is to install it from the official iOS App Store.

At least I’m alright, I use Android not iPhone!
Don’t speak too fast. In November 2017, it was discovered that over one million Android users had been duped into downloading a bogus version of WhatsApp that had been published in the official Google Play store.
