Fake WhatsApp app may have been built to spy on iPhone users - what you need to know

Graham CLULEY

February 05, 2021

  • Fake WhatsApp appears to have been used in targeted attacks
  • Users reminded to always be wary of where they install apps from

What’s happened?
A fake version of the WhatsApp messaging app is suspected of being created by an Italian spyware company to snoop upon individuals and steal sensitive data.

Who is behind the fake WhatsApp?
The bogus app, uncovered by cybersecurity researchers at Citizen Lab and journalists at Motherboard, appears to be linked to an Italian firm called Cy4gate which develops “lawful interception” technology.

“Lawful interception?” Do you mean spyware?
Yes, it’s spyware – but spyware that is created by firms to sell to law enforcement bodies, intelligence agencies, and governments.

How do we know this type of spyware might not be abused? Can the people who buy spyware from Cy4gate be trusted?
Good question.

And the answer is?
Your guess is as good as mine.

So, what does the fake WhatsApp actually do?
Information that hackers could gather from an iPhone running the app includes (but is not limited to) the device’s unique identifier (known as a UDID, and assigned by Apple) as well as its unique IMEI.

How would that information be useful?
Well, it might help point an intelligence agency in a particular direction, towards a specific individual.

But does the fake WhatsApp app steal any more data from iPhones?
The researchers at Citizen Lab were not able to gather details on what other data an attacker might be able to steal from a targeted iPhone running the fake version of WhatsApp.

However, it’s hard to imagine that having installed a fake version of WhatsApp onto a target’s phone they wouldn’t at least try to do a lot more, such as spy upon messages they might be sending and receiving as well.

How would a fake WhatsApp app make its way onto an iPhone anyway? Has the version in the iOS App Store been compromised?
Generally Apple does a pretty good job of policing what gets into its official app store, and keeping out bogus software. However, many iPhone users are probably unaware that it is possible to install software onto an iPhone via a different route.

In the case of the bogus WhatsApp software, social engineering tricks are used to dupe users into installing configuration files (known as MDM or Mobile Device Management profiles) onto their phones, and these can install unauthorised malicious code onto a device.

Citizen Lab shared a screenshot of a phishing page which appeared to be linked to the attack, directing users to download the bogus version of WhatsApp and follow the instructions to install the configuration file.
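
For defenders who are handed a configuration profile to check before anyone installs it, the following added example (not from Citizen Lab, Motherboard or the original article) parses a .mobileconfig file and lists the payloads that would hand control of the device to a third party. The payload type names are Apple's own identifiers; the sample profile, its server URL and the function names are constructed for illustration.

```python
import plistlib

# Apple-defined payload types that deserve scrutiny before a profile is accepted.
RISKY_PAYLOADS = {
    "com.apple.mdm": "enrols the device in remote management (MDM)",
    "com.apple.security.root": "adds a trusted root certificate",
    "com.apple.vpn.managed": "configures a VPN for device traffic",
}

def extract_plist(raw: bytes) -> dict:
    """Best effort: signed profiles wrap the XML plist in a CMS envelope, so cut it out."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML property list found in file")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def triage_profile(raw: bytes) -> dict:
    """Summarise a .mobileconfig file and list the payloads that warrant review."""
    profile = extract_plist(raw)
    content = profile.get("PayloadContent", [])
    findings = []
    for payload in content if isinstance(content, list) else []:
        ptype = payload.get("PayloadType", "")
        if ptype in RISKY_PAYLOADS:
            findings.append({"type": ptype, "why": RISKY_PAYLOADS[ptype],
                             "server": payload.get("ServerURL")})
    return {
        "name": profile.get("PayloadDisplayName", ""),
        "organization": profile.get("PayloadOrganization", ""),
        # Heuristic only: says the plist is wrapped, not that the signature is valid.
        "enveloped": not raw.lstrip().startswith(b"<?xml"),
        "findings": findings,
    }

# Constructed sample profile (not taken from the campaign described in the article).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Messaging Update (constructed sample)",
    "PayloadOrganization": "Example Org",
    "PayloadContent": [
        {"PayloadType": "com.apple.mdm", "ServerURL": "https://mdm.example.invalid/server"},
        {"PayloadType": "com.apple.wifi.managed"},
    ],
})

if __name__ == "__main__":
    for finding in triage_profile(SAMPLE)["findings"]:
        print(f"{finding['type']}: {finding['why']} (server: {finding['server']})")
```

A profile that contains a com.apple.mdm payload and arrives from a web page rather than from the device owner's own IT department is the pattern the article describes.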

Why on earth does Apple allow people to install software this way? It sounds unsafe!
The technology was put in place to help corporations install bespoke software that wasn’t appropriate for the public App Store onto employees’ devices – but for some time there have been attempts to use it to install spyware.

Should I be worried? I use WhatsApp all the time
Probably not. This is likely to have been a highly targeted attack. Whoever was behind the fake WhatsApp is likely to have built it with a very specific purpose in mind, not with the intention of infecting as many iPhone users as possible.

Nonetheless, it’s a useful reminder that if you want to run the legitimate version of WhatsApp, the most sensible thing to do is to install it from the official iOS App Store.

At least I’m alright, I use Android not iPhone!
Don’t speak too fast. In November 2017, it was discovered that over one million Android users had been duped into downloading a bogus version of WhatsApp that had been published in the official Google Play store.
