Recently, a malicious program, or malware, was discovered that attacks the application of WhatsApp of at least four specific cell phone models. These Trojan-type viruses access smartphones and become dangerous for privacy, since they have access to instant messaging app files and can read chats, send spam, intercept and listen to phone calls, among other things.
The smartphones that can be victims of these Trojans are counterfeit copies of popular brandsso the recommendation to avoid the attack of this malware is to buy the devices in official stores or reputable vendors.
The company dedicated to computer security Dr.Web reported that, starting in July of this year, many complaints began to arrive on the site from users who suffered problems with their instant messaging app due to the installation of a malicious program. As a result, the specialists of that entity began to investigate and discovered that the smartphones with these drawbacks were the following: P48pro, Redmi Note 8, Note30u y Mate40.
MIRA: WhatsApp Communities are here, but what happened to the camera button?
These models had in common that they had been sold as counterfeit copies of popular and prestigious cell phone brands. Also, despite being advertised as up-to-date, these smartphones come with a installed version of the Android system that is long obsolete, the 4.4.2.
These devices contain two files through which the malware accesses Android, and they are called: “/system/lib/libcutils.so” and “/system/lib/libmtd.so”, which correspond to the Libcutils.so object. This is what is known as a system library, which is by design harmless, but is modified by viruses. In this way, when used by any application, it launches a dangerous Trojan that is embedded in libmtd.so.
When the applications WhatsApp y WhatsApp Business use these libraries, the virus – known generically as “back door” because it enters through a “back door” – attacks the security systems of the algorithm by downloading and installing additional malicious plugins or accessories on the phone. These are done from a remote server and without the user being able to perceive it.
From that moment on, the Trojan can access files from the instant messaging applications that were attacked and read chats, send spam, listen to phone conversations, and perform other malicious actions. This malware is also designed to download and install other software on the phone without users’ knowledge, through scripts.
“The danger of uncovered backdoors and the modules they download is that they work in such a way that they actually become part of the target applications”, indicates the Dr.Web page, which adds that the Trojan that attacks this type of smartphones may belong to the Android.Fake.Updates family.
To prevent this type of malware attack, it is recommended buy smartphones in official stores or accredited companies. It is also important to incorporate into the system and use an antivirus, which can be downloaded through the Play Store (for Android) or App Store (for iOS system). Third, another suggestion is periodically install available updates for the operating system.
GDA / The Nation / Argentina