Fake iOS WhatsApp Linked to Italian Surveillance Company Used to Target Specific Users: Report
February 5, 2021 12:06:10 AM IS
An Italian surveillance company has reportedly created a fake WhatsApp app for iOS, which is used to target users and collect sensitive data. a report from researchers from the Citizen Lab digital rights surveillance laboratory (reported through Mother letter), some iPhone users were tricked into installing a fake version of WhatsApp. This app was allegedly linked to an Italian surveillance company, Cy4gate. Hackers apparently did not intend to spread the fake app, but it was intended for specific users only.
The report also added that the hackers did not want to distribute it, but rather targeted specific users. Image: Pixabay
In addition to that, the report reveals that this fake version of the application can obtain information such as “UDID, or the unique device identifier assigned to each iOS device by Apple; and the IMEI or International Mobile Equipment Identity, another unique code that identifies mobile phones ”.
According to the report, the page created to trick users into downloading the fake version of the app looked a lot like the real version. WhatsApp website and introduced the step-by-step process to download the application. This page is not available.
According to a statement by a WhatsApp Citizen Lab spokesperson: “We are not asking for these user privileges and people should be careful with any application that tries to do so. We strongly oppose abuse by spyware companies, regardless of their customer base. WhatsApp harming others violates our terms of service. We have taken and will continue to take action against such abuses, including in court. The spokesperson also advised users to always download the app only from the designated App Store.
Last week, security company ZecOps tweeted about the attack on iOS users.
Bonus: IOC for WhatsApp related attacks on iOS (not necessarily related to the tweet above):
URL: config5-dati com
Last known IP address: 184.108.40.206
– ZecOps (@ZecOps) January 26, 2021
Mother letter contacted the accused party, Cy4gate, about this. According to the report, the company dismissed the charge and said that the “configuration domains” that were tracked to them are not “attributable to the company.” However, the company’s spokesperson confirmed that “control3[.]this domain belonged to the company ”.