Big danger for WhatsApp users: Beware! This new malware in the making could steal your data, hack phone

By: |
New Delhi | Updated: September 28, 2018 9:44 PM

The new WhatsApp spyware underwent an investigation by G Data SecurityLabs

WhatsApp is potentially a target for many malware

WhatsApp is inarguably the most popular chat app that billions of users find at their disposal to disseminate what can be as ordinary, repetitive, and sometimes annoying as a ‘good morning’ message. This entails a huge repository of data and personal information that is being continually exchanged by the users. While the company has time and again fostered a secure ecosystem on its app, new loopholes keep emerging that can be potentially harmful to the users.

According to ESET researcher Lukas Stefanko, a new kind of spyware that can sift through the WhatsApp messages and compromise them in unwanted ways, as per ZDNet portal. The report says that the Android-based malware can not only percolate through the chats but also induce a host of surveillance methods on WhatsApp, which could possibly hamper the privacy of the users. The spyware has been spotted by the researcher as an “open development project”, says the report.

The new WhatsApp spyware underwent an investigation by G Data SecurityLabs revealed that a malware codenamed ‘OwnMe’ was found resting in a public repository on GitHub. It contains the root function MainActivity.class that has the OwnMe.class up the sleeve. Tinkering with the malware throws a pop-up message to the Android user that reads “Service Started”, insinuating the beginning of the malware development process.

Usually, the malicious codes that aim to either syphon off private information or corrupt the data possess a stealthy nature, unlike the ransomware that outrightly extorts money in exchange for the usurped data. However, spyware and same such nefariously coded elements naturally operate under the radar, which implies that the pop-up message that was spotted won’t be a part of the final build of the malware. The investigation also revealed that most of the fields were empty for now since the malware is still in the making.

The moment OwnMe.class is called, it begins the startExploit() function that can even establish a connection to the server in the availability of the Internet. The teardown of the malware interestingly revealed some intrusive functions such as the screenshotting capability. However, the report says that most of the malware features have not been finished. G Data found that even though there is a screenshot feature, no function is called to implement it and that no data is transferred to the servers. The malware also possesses the ability to fetch the URLs, titles, times, and visits from the bookmarks via another function getHistory().

The contacts are also a target of the malware, which it can log if the user grants the permission. The malware also seeks to infiltrate the gallery and camera apps, in addition to checking the CPU usage and battery level of the device. “However, there is no implementation for a message check like with the commands above and hence that command is not actively used yet,” the researchers at G Data are quoted as saying in the report. It mentions that the malware is still in development and might not make it to the final build. The WhatsApp users should keep an eye on the suspicious links and apps to save themselves from such malicious activities.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1Redmi Note 11 series, Redmi Watch 2 to launch on October 28, Xiaomi confirms
2Instagram to let users post photos from desktop, collab with friends and share likes
3Amazfit GTS 3 Pro, GTR 3 and GTS 3 Zepp OS-based smartwatches launched in India: Check specifications and prices