Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts
Smartphones! Who doesn’t like to have one? Mostly, everyone in this world likes to have one and is used to buying a new one each time a new feature comes with their favorite brand. Rich kids switch their phone models every year or month, in case they get bored with the previous one.
But do you think that this is a good thing to do? Maybe the newer models could give you the happiness that you want. However, sometimes you might think that it is too much to buy expensive phones just for one freaking feature. Ultimately, no comments on this biased situation.
In the past few years, several things have changed and popular brands have launched many new models just because a customer buys new phones in the search of sleek design, to have a lot more features, and to satisfy their social image. But in this world, nothing remains the same as they come into this world.
Same as that cybercriminals who like to get money through hideous crimes have gone to smartphones and other devices too. We got one of the reports that say “Adversaries targeted popular brands and in the mirage of popular brands.”
Watch Related news here. Click Now!
Popular Brands with Various Trojans
Pocket-friendly budget and flagship smartphones that are just copies of some famous brands are being customized to target WhatsApp and WhatsApp Business (Messaging Apps) with several Trojans.
Doctor Web, July 2022
Malware that came in the acknowledgment of Doc Web was identified in the system partition of at least four different smartphones as follows:
- P48pro
- Redmi note 8
- Note30u
- Mate40
“These incidents are united by the fact that the attacked devices were copycats of famous brand-name models,” the cybersecurity firm said in a report published today.
Plus, rather than having one of the latest OS versions implemented on them with the related information presented in the device details (e.g., Android 10), they had the 4.4.2 outdated version.
The malicious content was related to two files that are:
- “/system/lib/libcutils.so”
- “/system/lib/libmtd.so”
Those were modified so that whenever the libcutils.so system library would get used by any app, it would provoke the execution of a Trojan incorporated in libmtd.so.
In case, Apps like WhatsApp and WhatsApp Business, utilize the libraries, libmtd.so would launch a third backdoor that’ll be responsible for downloading and installation of additional plugins via remote server onto the compromised devices.
Researchers
“The danger of the discovered backdoors and the modules they download is that they operate in such a way that they become part of the targeted apps.”
That resulted, in giving access to adversaries with several actions they could take in the apps:
- Apps’ files
- Can read chats,
- Send spam, intercept
- Could listen to phone calls
- Execute several malicious actions
It depends on the features and functions of the downloaded modules of the apps.
Next to it, Apps using the libraries were found out to be wpa_supplicant. That’s a system daemon that comes in use to manage network connections. Libmtd.so is customized to run a local server that allows connections from a remote/ local client via the “mysh” console.
According to what Doctor Web said, system partition implants could be part of the FakeUpdates Malware Family (aka SocGholish). Those could be based on the research of another Trojan embedded into the system app responsible for over-the-air (OTA) firmware updates.
Malicious App was accustomed to exfiltrating detailed metadata about the victimized device. Moreover, it was accustomed to downloading & install other software without users’ permission via Lua Scripts.
Advice
To evade events as such and escape from becoming a victim of such malware attacks, users purchase mobile devices only from official stores and legitimate distributors. Pirated websites could lead to the order of fabricated devices that could be customized with malicious content in the first place to steal data and threaten the users. Be Alert, Be Safe!
Watch more news here :
