DIGITAL LIFE
![malware]({"default":"//img-s-msn-com.akamaized.net/tenant/amp/entityid/BB14qoPh.img?h=373&w=624&m=6&q=60&o=f&l=f"} "malware - avira")
Android malware targets WhatsApp and Facebook Messenger users
A new malware campaign targets instant messaging software like WhatsApp, Facebook Messenger and Line, most used in Asian countries. Hackers are said to be using a new version of already known malware, named by WolfRAT experts, to steal data, read text messages and activate the camera or microphone without the user noticing.
The big target of the campaign would be Thailand, with most infections reported by Cisco Talos experts happening there. The malware issues warnings of fake software updates such as Adobe Flash and Google Play while accessing malicious websites on your phone. If the user falls for the bait, the malware is installed and begins to carry out its espionage functions in the background, sending the information and media improperly recorded to servers under the control of the criminals.
The plague also has specific behaviors according to the messenger being used by the victim. When it detects WhatsApp running, for example, WolfRAT captures the screen every 50 seconds, as a way to obtain sensitive information, intimate photos or personal data that can later be used in extortion or scams.
The relationship between criminals and Thailand goes beyond the focus on local users, with the use of advertisements for typical food or celebrities - part of the malware programming was also written in Thai, with control and data receiving servers also located in the country. WolfRAT is a variant of DenDroid, a remote access trojan that was sold on the black market for more than $ 300 before its source code was leaked on the internet, giving rise to a series of "kids" like this.
The researchers go further and claim that the malware may be the work of remaining members of White Wolf Research, a hacker group that worked for governments and security agencies between 2018 and 2019, but that ended last year. The lack of sophistication next to this connection, even, surprised the experts, indicating that it is a simple campaign and focused only on obtaining data for financial gain, without greater ambitions in the use of the pest.
The path to protection, fortunately, is simple. To protect yourself from this and other infection campaigns, just avoid clicking on update banners displayed in browsers and never download or install solutions that do not come from official stores and legitimate means. It is also worth paying attention to permissions requested by applications and reflecting whether they should really have access to what they are asking for. Keeping security software active and up-to-date on your smartphone also helps protect against malware and data theft.
Source: Cisco Talos
No comments:
Post a Comment