WhatsApp is inarguably the most popular chat app, one that billions of users have at their disposal to send things as ordinary, repetitive, and sometimes annoying as a ‘good morning’ message. This adds up to a huge repository of data and personal information that users are continually exchanging. While the company has time and again fostered a secure ecosystem on its app, new loopholes keep emerging that can be potentially harmful to users.
According to ESET researcher Lukas Stefanko, there is a new kind of spyware that can sift through WhatsApp messages and compromise them in unwanted ways, the ZDNet portal reports. The report says that the Android-based malware can not only read through the chats but also apply a host of surveillance methods to WhatsApp, which could hamper the privacy of its users. The researcher spotted the spyware as an “open development project”, says the report.
An investigation of the new WhatsApp spyware by G Data SecurityLabs revealed that the malware, codenamed ‘OwnMe’, was sitting in a public repository on GitHub. It contains the root function MainActivity.class, which holds OwnMe.class. Running the malware shows the Android user a pop-up message that reads “Service Started”, an indication that the malware is at the beginning of its development.
Malicious code that aims to either siphon off private information or corrupt data is usually stealthy, unlike ransomware, which openly extorts money in exchange for the seized data. Spyware and similar malicious code naturally operate under the radar, which implies that the pop-up message that was spotted won’t be part of the final build of the malware. The investigation also revealed that most of the fields are empty for now, since the malware is still in the making.
The moment OwnMe.class is called, it runs the startExploit() function, which establishes a connection to the server if an Internet connection is available. The teardown of the malware also revealed some intrusive functions, such as a screenshot capability. However, the report says that most of the malware's features have not been finished. G Data found that even though there is a screenshot feature, no function is called to implement it and no data is transferred to the servers. The malware can also fetch the URLs, titles, times, and visits from the bookmarks via another function, getHistory().
Contacts are also a target of the malware, which it can log if the user grants the permission. The malware also seeks to access the gallery and camera apps, in addition to checking the CPU usage and battery level of the device. “However, there is no implementation for a message check like with the commands above and hence that command is not actively used yet,” the researchers at G Data are quoted as saying in the report. It mentions that the malware is still in development and might not make it to the final build. WhatsApp users should watch out for suspicious links and apps to protect themselves from such malicious activity.
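For readers who want to check what an app is asking for, the following added example (not code from the OwnMe repository or from G Data's report) reads an already decoded AndroidManifest.xml and flags apps that combine network access with several of the private-data sources listed above. The permission mapping, the threshold of three data sources, and the sample manifests are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the report): permissions an app would normally
# request to reach the data the article lists.
CAPABILITY_PERMISSIONS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "camera": {"android.permission.CAMERA"},
    "gallery": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.READ_MEDIA_IMAGES"},
    "browser history": {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
    "network": {"android.permission.INTERNET"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def triage(manifest_xml, threshold=3):
    """Flag apps that pair network access with several private-data sources."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & wanted)
            for cap, wanted in CAPABILITY_PERMISSIONS.items() if perms & wanted}
    data_sources = [cap for cap in hits if cap != "network"]
    suspicious = "network" in hits and len(data_sources) >= threshold
    return {"capabilities": hits, "suspicious": suspicious}

def make_manifest(*perms):  # builds a constructed sample manifest
    body = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample">%s</manifest>' % body)

# Constructed samples, not taken from the OwnMe repository.
SAMPLE_BROAD = make_manifest("android.permission.INTERNET", "android.permission.READ_CONTACTS",
                             "android.permission.CAMERA", "android.permission.READ_EXTERNAL_STORAGE",
                             "com.android.browser.permission.READ_HISTORY_BOOKMARKS")
SAMPLE_NARROW = make_manifest("android.permission.CAMERA", "android.permission.INTERNET")

if __name__ == "__main__":
    for label, xml in (("broad", SAMPLE_BROAD), ("narrow", SAMPLE_NARROW)):
        print(label, triage(xml))
```

Manifests inside an APK are stored as binary XML, so they must be decoded to text before this check can parse them. A flag here is a reason to look closer at the app, not proof that it is spyware.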