{"id":11913,"date":"2018-04-02T10:10:05","date_gmt":"2018-04-02T18:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/04\/02\/news-5682\/"},"modified":"2018-04-02T10:10:05","modified_gmt":"2018-04-02T18:10:05","slug":"news-5682","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/04\/02\/news-5682\/","title":{"rendered":"Mobile Menace Monday: Fake WhatsApp can steal info from your phone"},"content":{"rendered":"

Credit to Author: Nathan Collier| Date: Mon, 02 Apr 2018 17:00:00 +0000<\/strong><\/p>\n

Last month, a blogger at My Online Security<\/em> reported receiving a spam comment containing WhatsApp Plus<\/a>. Going through the process, they downloaded an APK of this so-called WhatsApp Plus.\u00a0<\/em>Where they ended was as stated,<\/p>\n

\n

I am not certain exactly what this does, but from the sandbox reports it looks like it has the potential to steal information, photos, phone numbers etc from your mobile phone.\u00a0\u00a0<\/em><\/p>\n<\/blockquote>\n

Indeed, they are correct, as this is a variant of Android\/PUP.Riskware.Wtaspin.GB, a Fake WhatsApp riskware that dates back to mid-2017.\u00a0 But what makes this variant unique is where it leads us.<\/p>\n

Whats in a Fake WhatsApp?<\/h3>\n

As our dear My Online Security<\/em> blogger did, I too went through the process and downloaded\/installed the APK aforementioned in the linked blog. Upon opening the app is the following greeting:<\/p>\n

\"\"<\/p>\n

Of special interest is the gold logo in the middle with a URL and handle. Onward, I clicked on AGREE AND CONTINUE<\/em> to find, oh no, I was out of date!<\/p>\n

\"\"<\/p>\n

The message states, Please go to Google Play Store to download latest version \u2014 <\/em>nah, I’d rather click the DOWNLOAD button. Where I was redirected was intriguing.<\/p>\n

Into another realm of Fake WhatsApp<\/h3>\n

Where I landed was on the above URL from the shiny gold logo. Everything on the webpage is written in Arabic.<\/p>\n

\"\"<\/p>\n

Here I was on the official website to download Watts Plus Plus WhatsApp<\/em>\u2014that unusual name could very well be an awkward Google translate, by the way.\u00a0 Among numerous ads (a developer needs to make some ad revenue after all) was text explaining this developer’s WhatsApp version. Below is the (very) rough translation, with minor condensing to the most pertinent information:<\/p>\n

\n

What is Watts Plus Plus Whatsapp Plus?<\/em><\/strong><\/h3>\n

Is a copy of WattsPlus developed by Abu, there may be no confidence in some users in the download of Whatsapp Plus, but this version has been checked files Wats through special programs and the result is positive is safe , and the version of Watts Plus is updated Abu periodically for the\u00a0 last issue is a special version of the fans of Watts AP Plus:<\/em><\/p>\n

Secure:<\/em><\/strong>\u00a0 The antivirus software code has been checked, the Watsp files are encrypted in the Watspec servers and cannot be decrypted and can only be decrypted by Wattsp itself.<\/em><\/p>\n

Updated to the latest version:<\/em><\/strong>\u00a0 Watts August the company issued almost every two days a simple update, and is almost updated copies of our own every two months periodically until the copies contain only critical updates.<\/em><\/p>\n

Four numbers in the same phone:<\/em><\/strong> In this version you can run up to four numbers in the same phone without a routine or any difficulty<\/em><\/p>\n

Features<\/em><\/strong><\/h3>\n

Hide the last appearance of friends completely with the property of hiding the reading and reception, and the disappearance of the current writing and running and hide that you have played a clip and your voice. And hide that you watched the case of your friend (Alasturi).<\/em><\/p>\n

The possibility of changing the program line completely to many of the ready lines<\/em><\/p>\n

Provides the security feature of the application by placing a secret number cannot open the application without it.<\/em><\/p>\n

Provides security for conversations by placing a secret number cannot open the conversation without him.<\/em><\/p>\n

You can send more than 100 photos at once to your friends.<\/em><\/p>\n

And many other features<\/em><\/h3>\n

Hide what you saw the situation:<\/em><\/strong>\u00a0 You can in the latest version of WhatsApp + WhatsApp Plus WhatSapp Plus AbuSamad AlRifa’i Hide that you watched the status of friends from privacy options from the top menu.<\/em><\/p>\n

What<\/em><\/strong> is the best feature in WhatsApp Plus WhatsApp Plus What isApp Plus Abu Sadam Rifai\u00a0 If we activate this option, no one will be able to see you online forever and will not show the date of your last appearance and no one will know you are online even while you are on the wattage .<\/em><\/p>\n

Hide the second health:<\/em><\/strong>\u00a0 The sender of the messages will not be able to tell you that you received the message.<\/em><\/p>\n

Hides the blue ones:<\/em><\/strong>\u00a0 The sender cannot tell you that you read the message but in return you know that he has read the messages and only shows you the blue ones.<\/em><\/p>\n

Hide the current writing:<\/em><\/strong>\u00a0 You can also in the new version and the latest version of WhatsApp + WhatsApp Plus whatsapp plus Abu Saddam Al – Rifai\u00a0 hide hiding or typing on the other end of the conversation.<\/em><\/p>\n

Hides recording:<\/em><\/strong>\u00a0 When recording a track.<\/em><\/p>\n

Hide playback signal:<\/em><\/strong>\u00a0 ie, the sender cannot tell you have listened to the audio track.<\/em><\/p>\n

Two-way operation:<\/em><\/strong>\u00a0 You can run two versions of Wattsp on one device without a router by downloading Watts 1 and Watts 2.<\/em><\/p>\n

See the status of people without entering the conversation:<\/em><\/strong>\u00a0 You can see the status of people connected or last seen from the main screen of the program.<\/em><\/p>\n<\/blockquote>\n

What stood out to me was all the abilities to hide <\/em>oneself in various ways\u2014very spy-like behavior.<\/p>\n

Onward to the next version<\/h3>\n

Sifting through all the ads stating they were the download <\/em>button, I finally came across the true\u00a0download link. After updating, I once again came to the same screen shown above with the gold logo. This time, after pressing the AGREE AND CONTINUE <\/em>button, the next screen asked to verify a phone number.<\/p>\n

\"\"<\/p>\n

After doing so, a changelog appeared with fixes to the app\u2019s hiding<\/em> features.<\/p>\n

Clicking OK <\/em>to the changelog, what appears to be a functioning version of WhatsApp opens.<\/p>\n

Click to view slideshow.<\/a> <\/p>\n

WhatsCode\u2026ur\u2026what\u2019s in the code<\/h3>\n

The incriminating code of Android\/PUP.Riskware.Wtaspin.GB is within receivers, services, and activities starting with com.gb.atnfas.\u00a0<\/em>This code is in various fake WhatsApp APKs. The only difference of the aforementioned version from above is the code points to the Arabic webpage to update.<\/p>\n

\"\"<\/p>\n

After analyzing several different versions of PUP.Riskware.Wtaspin.GB, it appears all have different URLs from which to update. Thus, everyone is just copy catting the original source code and adding their own \u201cupdate\u201d website. So, who is the original author of this riskware? Is the Arabic developer, Abu, the originating author?<\/p>\n

The code of this riskware is complex. The webpage of the developer claiming to be owner\u2014not so complex. Although I won\u2019t completely rule out the possibility, let’s just say I am skeptical.<\/p>\n

No matter the true author or origin of this fake Whatsapp, I suggest sticking with the real WhatsApp on Google Play<\/a>. Although Google Play has its faults<\/a>, it\u2019s tremendously safer than some of the sources I came across researching this riskware. Stay safe out there!<\/p>\n

The post Mobile Menace Monday: Fake WhatsApp can steal info from your phone<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Nathan Collier| Date: Mon, 02 Apr 2018 17:00:00 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
WhatsApp Plus has the potential to steal information, as it is a variant of Android\/PUP.Riskware.Wtaspin.GB, a fake Whatsapp riskware that dates back to mid-2017.<\/p>\n

Categories: <\/p>\n

Click to view slideshow.<\/a> <\/p>\n