#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Whatsapp | Breaking Cybersecurity News | The Hacker News

Category — Whatsapp
NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit

Nov 18, 2024 Mobile Security / Spyware
Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so. They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target's devices as WhatsApp erected new defenses to counter the threat. In May 2019, WhatsApp said it blocked a sophisticated cyber attack that exploited its video calling system to deliver Pegasus malware surreptitiously. The attack leveraged a then zero-day flaw tracked as CVE-2019-3568 (CVSS score: 9.8), a critical buffer overflow bug in the voice call functionality. The documents now show that NSO Group "developed yet another installation vector (known as Erised) that also used WhatsApp servers to install Pegasus." The attack vector – a zero-click exploit that could compromise a victim...
GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

Jul 09, 2024
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo . The campaign , believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack infrastructure location, according to Lookout. More than 450 victims have been impacted by the malicious activity, with targets located in Egypt, Oman, Qatar, Saudi Arabia, Turkey, the U.A.E., and Yemen. Telemetry data indicates that most of the infections have been recorded in Yemen. GuardZoo is a modified version of an Android remote access trojan (RAT) named Dendroid RAT that was first discovered by Broadcom-owned Symantec in March 2014. The entire source code associated with the crimeware solution was leaked later that August. Originally marketed as a commodity malware for a one-off price...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

Mar 13, 2024 Financial Fraud / Mobile Security
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app's icon from the home screen of the victim's device, IBM said in a technical report published today. "Thanks to this new technique, during PixPirate reconnaissance and attack phases, the victim remains oblivious to the malicious operations that this malware performs in the background," security researcher Nir Somech  said . PixPirate, which was  first documented  by Cleafy in February 2023, is known for its abuse of Android's accessibility services to covertly perform unauthorized fund transfers using the PIX instant payment platform when a targeted banking app is opened. The constantly mutating malware is also capable of stealing victims' online banking credentials and credit card information, as well as capturing keystrokes and interc...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

Feb 05, 2024 Cyber Espionage / Cyber Extortion
The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called  VajraSpy . Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between April 2021 and March 2023. "VajraSpy has a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code," security researcher Lukáš Štefanko  said . "It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera." As many as 148 devices in Pakistan and India are estimated to have been compromised in the wild. The malicious apps distributed via Google Play and elsewhere primarily masqueraded ...
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Dec 01, 2023 Privacy / Data Protection
Meta-owned WhatsApp has launched a new  Secret Code  feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been  described  as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else." Secret Code builds on another feature called  Chat Lock  that WhatsApp announced in May, which moves chats to a separate folder of their own such that they can be accessed only upon providing their device password or biometrics. By setting a unique password for these locked chats that are different from the password used to unlock the phone, the aim is to give users an additional layer of privacy, WhatsApp noted. "You'll have the option to hide the Locked Chats folder from your chatlist so that they can only be discovered by typing your secret code in the search bar," it added. The development comes weeks after What...
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users

Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users

Nov 21, 2023 Android Security / Cryptocurrency
Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data. "Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, such as banks, government services, and utilities," Microsoft threat intelligence researchers Abhishek Pustakala, Harshita Tripathi, and Shivang Desai  said  in a Monday analysis. The ultimate goal of the operation is to capture banking details, payment card information, account credentials, and other personal data. The attack chains involve sharing malicious APK files via social media messages sent on WhatsApp and Telegram by falsely presenting them as banking apps and inducing a sense of urgency by claiming that the targets' bank accounts will be blocked unless they update their pe...
WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

WhatsApp Introduces New Privacy Feature to Protect IP Address in Calls

Nov 08, 2023 Privacy / Data Security
Meta-owned WhatsApp is officially rolling out a  new privacy feature  in its messaging service called "Protect IP Address in Calls" that masks users' IP addresses to other parties by relaying the calls through its servers. "Calls are end-to-end encrypted, so even if a call is relayed through WhatsApp servers, WhatsApp cannot listen to your calls," the company said in a statement shared with The Hacker News. The core idea is to make it harder for bad actors in the call to infer a user's location by securely relaying the connection through WhatsApp servers. However, a tradeoff to enabling the privacy option is a slight dip in call quality. Viewed in that light, it's akin to Apple's  iCloud Private Relay , which adds an anonymity layer by  routing users' Safari browsing sessions  through two secure internet relays. It's worth noting that the "Protect IP Address in Calls" feature has been under development since at least late Augu...
CanesSpy Spyware Discovered in Modified WhatsApp Versions

CanesSpy Spyware Discovered in Modified WhatsApp Versions

Nov 03, 2023 Spyware / Mobile Security
Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed  CanesSpy . These modified versions of the instant messaging app have been observed propagated via sketchy websites advertising such modded software as well as Telegram channels used primarily by Arabic and Azerbaijani speakers, one of which boasts of two million users. "The trojanized client manifest contains suspicious components (a service and a broadcast receiver) that cannot be found in the original WhatsApp client," Kaspersky security researcher Dmitry Kalinin  said . Specifically, the new additions are designed to activate the spyware module when the phone is switched on or starts charging. It subsequently proceeds to establish contact with a command-and-control (C2) server, followed by sending information about the compromised device, such as the IMEI, phone number, mobile country code, and mobile network code. CanesSpy also transmits det...
Gigabud RAT Android Banking Malware Targets Institutions Across Countries

Gigabud RAT Android Banking Malware Targets Institutions Across Countries

Aug 15, 2023 Mobile Security / Financial Risk
Account holders of over numerous financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru are being targeted by an Android banking malware called  Gigabud RAT . "One of Gigabud RAT's unique features is that it doesn't execute any malicious actions until the user is authorized into the malicious application by a fraudster, [...] which makes it harder to detect," Group-IB researchers Pavel Naumov and Artem Grischenko  said . "Instead of using HTML overlay attacks, Gigabud RAT gathers sensitive information primarily through screen recording." Gigabud RAT was  first documented  by Cyble in January 2023 after it was spotted impersonating bank and government apps to siphon sensitive data. It's known to be active in the wild since at least July 2022. The Singapore-based company said it also identified a second variant of the malware minus the RAT capabilities. Dubbed Gigabud.Loan, it comes under the guise of a loan application that...
WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

WhatsApp Upgrades Proxy Feature Against Internet Shutdowns

Jun 30, 2023 Privacy / Tech
Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were  first reported  by BBC Persian. Some of the other improvements include streamlined steps to simplify the setup process as well as the introduction of shareable links to "share functioning/valid proxy addresses to their contacts for easy and automatic installation." Support for  proxy servers  was officially launched by the messaging service  earlier this January , thereby helping users circumvent government-imposed censorship and internet shutdowns and obtain indirect access to WhatsApp. The company has also made available a  reference implementation  for setting up a proxy server with ports 80, 443, or 5222 available and a domain name that points to the serv...
Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files

Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files

Jun 15, 2023 Mobile Security / Privacy
An updated version of an Android remote access trojan dubbed  GravityRAT  has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022. "Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files," ESET researcher Lukáš Štefanko  said  in a new report published today. "The malicious apps also provide legitimate chat functionality based on the open-source  OMEMO  Instant Messenger app." GravityRAT is the name given to a  cross-platform malware  that's capable of targeting Windows, Android, and macOS devices. The Slovak cybersecurity firm is tracking the activity under the name SpaceCobra. The threat actor is suspected to be based in Pakistan, with recent attacks involving GravityRAT targeting military personnel in India and among the Pakistan Air Force by camouflaging it as cloud storage and entertainment apps, as...
E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations

E.U. Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations

May 22, 2023 Data Protection / Privacy
Facebook's parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. In a binding decision taken by the European Data Protection Board (EDPB), the social media giant has been ordered to bring its data transfers into compliance with the GDPR and delete unlawfully stored and processed data within six months. Additionally, Meta has been given five months to suspend any future transfer of Facebook users' data to the U.S. Instagram and WhatsApp, which are also owned by the company, are not subject to the order. "The EDPB found that Meta IE's infringement is very serious since it concerns transfers that are systematic, repetitive, and continuous," Andrea Jelinek, EDPB Chair,  said  in a statement. "Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organizati...
WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks

WhatsApp Introduces New Device Verification Feature to Prevent Account Takeover Attacks

Apr 13, 2023 Mobile Security / Privacy
Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account. "Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages," the Meta-owned company said in an announcement. Called  Device Verification , the security measure is designed to help prevent account takeover (ATO) attacks by blocking the threat actor's connection and allowing targets of the malware infection to use the app without any interruption. In other words, the goal is to deter attackers' use of malware to steal WhatsApp authentication keys and hijack victim accounts, and subsequently impersonate them to distribute spam and phishing links to other contacts. This, in turn, is achieved by introducing a security-token th...
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware

Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware

Mar 17, 2023 Cryptocurrency / Mobile Security
Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware . "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of clipper malware on the Google Play Store dates back to 2019, the development marks the first time Android-based clipper malware has been built into instant messaging apps. "Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware," the Slovak cybersecurity firm added. The attack chain begins with unsuspecting users clicking on fraudulent ads on Google search results that lead to hundreds of sketchy YouTube channels, which then direct them ...
WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws

WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws

Jan 20, 2023 Data Protection / Privacy
The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta's WhatsApp for violating data protection laws when processing users' personal information. At the heart of the ruling is an update to the messaging platform's Terms of Service that was imposed in the days leading to the enforcement of the General Data Protection Regulation ( GDPR ) in May 2018, requiring that users agree to the revised terms in order to continue using the service or risk losing access. The complaint, filed by privacy non-profit NOYB, alleged that WhatsApp breached the regulation by compelling its users to "consent to the processing of their personal data for service improvement and security" by "making the accessibility of its services conditional on users accepting the updated Terms of Service." "WhatsApp Ireland is not entitled to rely on the contract legal basis for the delivery of service improvement and security," th...
WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship

WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship

Jan 06, 2023 Online Safety / Privacy
Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns. "Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely," the Meta-owned company  said . Proxies act as an intermediary between end users and the service provider by routing requests originating from a client to the server and forwarding the response back to the device. Users can  access the option  by navigating to Settings > Storage and Data > Proxy > Use Proxy and entering a trusted proxy server address. WhatsApp, which is used by more than two billion users across the world, has also made available a  reference implementation  that can be used to set up a proxy server to help others connect to the service. The company em...
Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak

Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak

Dec 27, 2022 Data Security / Privacy
Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018. The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those used by Cambridge Analytica to access users' personal information without their consent for political advertising. The proposed settlement, first  reported  by Reuters last week, is the latest penalty paid by the company in the wake of a  number  of  privacy   mishaps   through the years . It still requires the approval of a federal judge in the San Francisco division of the U.S. District Court. It's worth noting that Facebook previously sought to  dismiss the lawsuit  in September 2019,  claiming  users have no legitimate privacy interest in any information they make available to their friends on social media. The  data harvesting scandal ...
Expert Insights / Articles Videos
Cybersecurity Resources