WhatsApp Mishap: How Your Phone May Not Be As Secure As You Thought
For the longest time, cyber threats have only seemingly existed to intrude on our PCs and laptops. But as mobile phones continue to update and develop with further smart capabilities, there has been a cyber shift to targeting a person's mobile device.
It is fair to say that a person's mobile phone should be a safe space where you keep valuable and important information as well as a vast amount of personal data.
When we need to remember something, we naturally turn to write it down on our mobile phone as it is efficient, easy to access and is constantly with us. Too often we take for granted how vulnerable we are when on our mobile devices, we may permit our phone to remember login details because we think there is no way that another person can access it when it's in our back pockets. We may save one-time passwords as it's easier than opening up our email or office apps. We exchange details over text messages and emails and we may even remove security measures on our phones in certain situations because we have confidence and trust in those around us. The trouble is cyber criminals are getting smarter, and know how much we rely on our phones for everyday living as well as our work lives.
How do we know this? Well, you don’t have to look very far to find it. A new Malware was recently discovered on Google’s play store that could spread through popular messaging app Whatsapps private messages.
The malware was designed with the ability to automatically reply to incoming Whatsapp messages on behalf of the victims, with the content of the response coming from a remote server.
The Malware was discovered hidden under the cover of a ‘Netflix’ app called FlixOnline and promised users endless entertainment from anywhere around the world.
The malware - if successful - was able to perform a variety of malicious activities leaving the device at the mercy of the cyber attacker. This included activities such as :
Further spreading the malware through malicious links
Stealing credentials and data from the users Whatsapp account
Spreading fake or malicious messages to a users contacts or group - for example, a work-related group chat
Furthermore, the malware was designed to be wormable, meaning it could continuously move through different android devices provided the Android user clicks on the link in the message and downloads the malware.
Despite sounding complicated, the malware in itself works in a simple 4-step process:
The victim installs the malware from Google Play Store
The malware then ‘listens to Whatsapp‘ new notifications
It then responds to every message the user receives and allows the attacker to craft a response that convinces the recipients to not get suspicious (remember, they have all the previous Whatsapp data, making forgery easier)
The response then leads to a fake Netflix site that phished personal details of those who clicked the link
Though since being delta with by Google, the malicious app was downloaded approximately 500 times, siphoning people's personal data and quietly listening for the next opportunity to strike. This serves as a sobering reminder of how vigilant we have to be, even on our own phones.
No longer can we trust that cyber crime is exclusive to computers or laptops. Cyber criminals are looking for opportunities to intrude and exploit our behaviours, good digital hygiene is crucial, even on our smartphones and should be implemented as soon as possible.
When it comes to your smartphone:
Install a security solution on your device.
Only download applications from official markets
Keep your device and apps up to date
If you are looking to implement a mobile security solution, talk to one of the team at ACS. Together, we can help you to build the safe haven you always intended your phone to be, and help keep your personal data stay just that, yours.