• Home
  • Apps
  • Apps News
  • WhatsApp, Facebook Messenger Users Targeted by WolfRAT Android Malware: Cisco Researchers

WhatsApp, Facebook Messenger Users Targeted by WolfRAT Android Malware: Cisco Researchers

WolfRAT trojan steals images, videos, records screen and audio.

Share on Facebook Tweet Snapchat Share Reddit Comment
WhatsApp, Facebook Messenger Users Targeted by WolfRAT Android Malware: Cisco Researchers

Messaging apps like WhatsApp and Facebook Messenger are being targeted by WolfRAT

Highlights
  • WolfRAT malware is attacking WhatsApp, Messenger users
  • The trojan steals private data from the phone
  • It can also record audio and phone’s screen

Messaging apps users are being tricked into installing a trojan on their Android phones that spies on them by collecting photos, videos, messages, and recording audio. The researchers at Cisco Talos are calling it “WolfRAT”. It targets users of Whatsapp, Facebook Messenger, and Line in the guise of a Google Play or Flash update and gets them to install the trojan on their phones after which it not only collects different types of data but also sends them to the trojan command and control (C2) servers.

Researchers said that WolfRAT, a Remote Access Trojan (RAT), is a modified version of DenDroid, an older malware. DenDroid's source code was leaked in 2015 and since then, other malware like WolfRAT have come out to attack unsuspecting users. Messaging apps are especially on their radar. The trojan was seen recording the screen when WhatsApp Messenger was being run.

According to researchers, Thai users are being targeted by WolfRAT. Some of the C2 servers are also based in Thailand itself. The C2 server domain names contain Thai food names as well. Moreover, Thai comments were also found on the C2 framework.

The researchers claim the WolfRAT is very likely being run by Wolf Research, an organisation that used to create interception and espionage-based malware. While the organisation may not be formally active, its members are likely to be functioning. This trojan is also possibly performing the role of “an intelligence-gathering tool”.

Additionally, the researchers found that work on the trojan was done in a lazy manner. There was a lot of copy/paste from public sources, dead code, unstable code, and open panels etc. However, it was also added by them that the ability to gather data from phones is a big win for the operator because people send a lot of sensitive information via messages and are mostly unafraid about their privacy and security.


Which is the bestselling Vivo smartphone in India? Why has Vivo not been making premium phones? We interviewed Vivo's director of brand strategy Nipun Marya to find out, and to talk about the company's strategy in India going forward. We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: WolfRAT, WhatsApp, Facebook Messenger, Line
Prabhakar Thakur A news junkie and politics buff, he now talks tech. He misses the days when he used to play NFS Most Wanted and Counter-Strike non-stop with his school friends. More
Microsoft Warns of Massive COVID-19 Themed Phishing Campaign That Lets Attackers Gain Remote Access
Your Devices May Be Vulnerable to BIAS Bluetooth Attack: Report
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com