Hackers can go to any length to steal your personal and private data. While iOS is considered to be relatively safer when compared to the Android operating system thanks to the rigid quality standards that an app has to pass before it can make its way to the App Store, Hackers have probably found a way to trick iPhone users into installing a fake version of WhatsApp.
This seems to be a targeted attack and is being linked to an Italian surveillance company Cy4Gate that tricks users into installing Mobile Device Management (MDM) profiles, that in turn installs malware onto the target device.
The report from digital rights watchdog Citizen Lab and Motherboard suggested that the hackers were able to collect unique code identifiers related to mobiles like IMEI (International Mobile Equipment Identity) and UDID (Unique Device Identifier) that are assigned to each iOS device by Apple among others.
- iOS 14.4 release date, features, widgets and compatible iPhones
- Keep your devices virus-free with the best malware removal solutions
Earlier, a security company called ZecOps detected these attacks against WhatsApp users and suggested that clusters of web domains websites that were found tricking users to download WhatsApp but were instead installing the configuration files mentioned above to collect user information and send them back to the attackers.
These Italian websites instructed users on how to download and install the configuration files and read, "To keep in touch with your friends press the 'download' button and follow the instructions on the page.” Getting these MDM files installed on the target’s phone is seen as the first stage of installing spyware and the researchers were not able to gather enough data around the next stage of the attack.
This, however, means that they were not able to identify as to what all data interlopers were able to extract from the phone.
While WhatsApp is already available to download for free from the iOS App Store, these phishing websites were designed to look exactly like WhatsApp’s official website and displayed a process to install the spyware in an extremely professional manner to trick the targets.
WhatsApp has explained that it suggests users download WhatsApp from official sources only and suggests that the company may also “temporarily ban people using modified WhatsApp clients we detect to help encourage people to download WhatsApp from an authoritative source”. The company in a statement to Motherboard said, “We strongly oppose abuse from spyware companies, regardless of their clientele. Modifying WhatsApp to harm others violates our terms of service. We have and will continue to take action against such abuse, including in court.”
Get daily insight, inspiration and deals in your inbox
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the TechRadar team.
Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.