The information that passes through WhatsApp makes it a preferred target for cyber attacks. Fresh in the line of such attacks is a new strain of Android spyware which could access and compromise WhatsApp messages. It comes with a host of surveillance features. Still in its nascent stage, the malware could potentially leak private conversations, contacts, call logs and even browsing history.
Discovered by ESET security researcher Lukas Stefanko, the code for this Android spyware is present as an open development project in a public repository titled 'OwnMe' on GitHub. Further investigation by G Data Security Labs shows that the malware contains a MainActivity.class which launches OwnMe.class service, a report by ZDNet said. When activated, it shows a popup reading "Service Started" to the Android user. After the service is initiated, a startExploit() function starts, and the spyware establishes an internet connection to the server if internet access is available.
While a ransomware openly extorts money for the data they have under their control, spyware and stalkerware usually keep themselves hidden in the infected devices. The fact that the OwnMe spyware displays popups to the user means that it is still under development. The report also mentioned that project on GitHub shows several variables with empty fields, which again shows that the spyware is still far from its final build. There also happens to be a screenshot function element in OwnMe's code which does not take any actual screenshot or transmit any data to a server, showing that the function is still half-baked.
The OwnMe malware includes a function that can upload local WhatsApp database to a command-and-control centre, as well as the username and android_id from the start-up process. The spyware also uses getHistory() function to grab titles, times, URLs and visits from user bookmarks. This function, however, can only fetch saved bookmarks for now and cannot muddle through the entire browsing history on affected devices.
The OwnMe spyware also targets contacts, phone numbers and call logs if the WhatsApp application on affected device is permitted to access call history. The code that the spyware contains can also compromise gallery, camera, and can also read battery levels and CPU usage.
"However, there is no implementation for a message check like with the commands above and hence that command is not actively used yet," the report said while quoting security researchers.
In order to remain active at all times, the malicious app will even restart after every reboot. Since the OwnMe project is still under development, it has not been released in the open yet.
Edited by Vivek Punj