- WhatsApp has been used to collect sensitive information from users many times.
- The hackers had made the fake app to trick users to install configuration on their iPhone.
- If downloaded, the information the hackers could have collected includes the Unique Device Identifier (UDID) and International Mobile Equipment Identity
WhatsApp has been used to collect sensitive information from users many times. As per a report, hackers had made a fake version of WhatsApp to collect sensitive information from iPhone users. The hackers had made the fake app to trick users to install configuration on their iPhone. If downloaded, the information the hackers could have collected includes the Unique Device Identifier (UDID) and International Mobile Equipment Identity (IMEI).
As per a report by Vice, Cybersecurity research lab at the University of Toronto, Citizen Lab and Motherboard have unearthed the fake version of WhatsApp for iPhone. The report states that the fake version of WhatsApp has been developed by Cy4Gate. A site with domain config5-dati[.]com was ticking iPhone users to download the app which was not an app but a configuration file for the iPhone. It was designed to collect personal and sensitive data of users.
"I think it is targeted, I don't think they were trying to spread this around," Bill Marczak, a researcher from Citizen Lab, part of the Munk School of Global Affairs at the University of Toronto, told Motherboard.
The fake WhatsApp website was made to look like an official WhatsApp site with an official logo and branding. You can also find the steps to install the app.
Security company ZecOps also pointed out Apple has patched two vulnerabilities in IOS. "OS 14.4 patched two vulnerabilities that may have been exploited in the wild: Including both WebKit, and Kernel: hinting that they might have been used in 1-click attacks. To protect yourself: we advise you to update to the latest iOS version," ZeCops tweeted.
The breach was acknowledged by WhatsApp. A spokesperson person told motherboard, "We strongly oppose abuse from spyware companies, regardless of their clientele. Modifying WhatsApp to harm others violates our terms of service. We have and will continue to take action against such abuse, including in court."
"To help keep chats safe, we recommend that people download WhatsApp from the app store for their phone's platform. In addition, we may temporarily ban people using modified WhatsApp clients we detect to help encourage people to download WhatsApp from an authoritative source," he added.