Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

admin by admin
August 22, 2022
in Ethical Hackers


Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps.

The trojans, which Doctor Web first came across in July 2022, were discovered in the system partition of at least four different smartphones: P48pro, radmi note 8, Note30u, and Mate40, was

“These incidents are united by the fact that the attacked devices were copycats of famous brand-name models,” the cybersecurity firm said in a report published today.

“Moreover, instead of having one of the latest OS versions installed on them with the corresponding information displayed in the device details (for example, Android 10), they had the long outdated 4.4.2 version.”

CyberSecurity

Specifically, the tampering concerns two files “/system/lib/libcutils.so” and “/system/lib/libmtd.so” that are modified in such a manner that when the libcutils.so system library is used by any app, it triggers the execution of a trojan incorporated in libmtd.so.

If the apps using the libraries are WhatsApp and WhatsApp Business, libmtd.so proceeds to launch a third backdoor whose main responsibility is to download and install additional plugins from a remote server onto the compromised devices.

“The danger of the discovered backdoors and the modules they download is that they operate in such a way that they actually become part of the targeted apps,” the researchers said.

“As a result, they gain access to the attacked apps’ files and can read chats, send spam, intercept and listen to phone calls, and execute other malicious actions, depending on the functionality of the downloaded modules.”

On the other hand, should the app using the libraries turn out to be wpa_supplicant – a system daemon that’s used to manage network connections – libmtd.so is configured to start a local server which allows connections from a remote or local client via the “mysh” console.

CyberSecurity

Doctor Web theorized the system partition implants could be part of the FakeUpdates (aka SocGholish) malware family based on the discovery of another trojan embedded into the system application responsible for over-the-air (OTA) firmware updates.

The rogue app, for its part, is engineered to exfiltrate detailed metadata about the infected device as well as download and install other software without users’ knowledge via Lua scripts.

To avoid the risk of becoming a victim of such malware attacks, it’s recommended that users purchase mobile devices only from official stores and legitimate distributors.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Die 7 besten VPNs für den ITV Player, mit denen Sie 2022

Next Post

RPC Monitor Tool Based On Event Tracing For Windows

Next Post

RPC Monitor Tool Based On Event Tracing For Windows

Recommended

How to watch Naoya Inoue vs Paul Butler online

2 months ago

Kali Linux 2022.3 – Penetration Testing and Ethical Hacking Linux Distribution

5 months ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.