Of late, there have been a lot of stories surrounding apps, security and privacy policies. Unfortunately, there seems to be only one app taking all the blows, and that’s WhatsApp. Another story rising in the shadows is one of a new fake WhatsApp that is collecting data from iPhone users without their knowledge.
Fake WhatsApp for iPhone
The counterfeit WhatsApp version emerged after the security company ZecOps tweeted about the detection of attacks against users of the instant messaging app. Soon, Citizen Lab, a cybersecurity research lab at the University of Toronto, got into the mix. They worked with Motherboard to find the fake version of WhatsApp for iPhone.
And in iOS world: iOS 14.4 patched two vulnerabilities that may have been exploited in the wild: Including both WebKit, and Kernel: hinting that they might have been used in 1-click attacks. To protect yourself: we advise to update to the latest iOS version.
— ZecOps (@ZecOps) January 26, 2021
As we speak, reports claim that there is a fake version of WhatsApp for iPhone made by the Italian surveillance company Cy4Gate. The intention is seemingly to target specific individuals, according to a report. The app tricks users by requiring them to install certain configuration files on their iPhone.
The information that the hackers could obtain includes:
- Unique Device Identifier (UDID)
- International Mobile Equipment Identity (IMEI)
Here’s what the page looks like and what it tells visitors.
“To keep in touch with your friends press the ‘download’ button and follow the instructions on the page,” the phishing site reads in Italian. The page then instructs visitors how to install a configuration file via the iPhone’s system settings menu. This is not how users install a legitimate version of WhatsApp: usually, iPhone users download it from the Apple App Store.
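A triage check a defender could run on a downloaded configuration file before anyone installs it, as an added example that is not from the original article or from any party it names. It assumes the file is an Apple configuration profile whose "Profile Service" payload lists the device attributes it asks for; the sample profile, its identifier and its URL are constructed.

```python
import plistlib

# Identifiers the article says the fake app's configuration file could collect.
SENSITIVE_ATTRS = {"UDID", "IMEI"}

# Constructed sample profile (not from the real campaign); the host is a placeholder.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Profile Service</string>
  <key>PayloadIdentifier</key><string>com.example.constructed</string>
  <key>PayloadContent</key>
  <dict>
    <key>URL</key><string>https://profile.example.invalid/enroll</string>
    <key>DeviceAttributes</key>
    <array><string>UDID</string><string>IMEI</string><string>VERSION</string></array>
  </dict>
</dict>
</plist>"""

def extract_plist(raw):
    """Parse the XML plist, tolerating a signed wrapper around it.

    Heuristic only: the signature, if any, is skipped and NOT verified.
    """
    start = raw.find(b"<?xml")
    if start == -1:
        start = raw.find(b"<plist")
    end = raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in file")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def audit_profile(raw):
    """Return a finding dict if the profile requests UDID/IMEI, else None."""
    profile = extract_plist(raw)
    content = profile.get("PayloadContent")
    # Profile Service payloads carry a dict; ordinary profiles carry an array.
    if profile.get("PayloadType") != "Profile Service" or not isinstance(content, dict):
        return None
    requested = {a for a in (content.get("DeviceAttributes") or []) if isinstance(a, str)}
    identifiers = sorted(requested & SENSITIVE_ATTRS)
    if not identifiers:
        return None
    return {"identifiers": identifiers, "sent_to": content.get("URL")}

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

A non-empty result means the profile would report those identifiers to the listed URL once installed, which a legitimate App Store install of WhatsApp never requires.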
A WhatsApp spokesperson assured action against the fake version. “We strongly oppose abuse from spyware companies, regardless of their clientele. Modifying WhatsApp to harm others violates our terms of service. We will continue to take action against such abuse, including in court.”
“To help keep chats safe, we recommend that people download WhatsApp from the app store for their phone’s platform. In addition, we may temporarily ban people using modified WhatsApp clients we detect. This is to help encourage people to download WhatsApp from an authoritative source.”
Well. Looks like another WhatsApp fail. I could say that maybe it’s not their fault but good work by hackers, but no. If they could get the user’s info through the configuration file, it means that WhatsApp failed again. That’s why I recommend using Signal or Utopia p2p. The last one has never faced any data leak and doesn’t require your personal info. So the choice is up to you.