WhatsApp Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/whatsapp/
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

Malicious WhatsApp Mods Spread Through Telegram
https://gridinsoft.com/blogs/malicious-whatsapp-mods/
Fri, 03 Nov 2023 10:10:46 +0000

Some WhatsApp mods, which are unofficial versions of the app, have been found to contain hidden spyware. This spyware is designed to steal personal information from your device. It’s alarming because it could put your privacy at risk.

What are WhatsApp Mods?

WhatsApp mods are unofficial, altered versions of the popular messaging app WhatsApp. Some of them are benign, but here we are talking about ones that have been modified to include malicious code. In general, using modified versions, or “mods”, of popular messaging apps can pose significant risks. These mods, created by third-party developers, may offer enticing features but can also harbor spyware and malicious code.

  • Modded apps often bypass the official security measures, making your data more vulnerable.
  • Mods are typically downloaded from unverified sources, making it easy for cybercriminals to distribute spyware.
  • Spyware hidden within mods can steal sensitive personal information, compromising your privacy.
  • It can be a breeding ground for various malware, not just spyware, which can harm your device and data.

Just as a disclaimer – I am not claiming that all WhatsApp mods are malicious. There are modifications clear of any malicious intent. Nonetheless, using mods for messengers is an obvious security risk, for the reasons listed above.

Infected WhatsApp Mods – How Do They Work?

Recently, analysts started detecting a large number of malicious mods that share a couple of things in common. All of them are promoted on Telegram and target users from Arab countries, particularly Middle Eastern ones. More important, though, is the presence of the same malicious module embedded in each such app.

Telegram channels distributing malicious mods

Infected WhatsApp mods contain not just visible changes, but also malicious code that lets them do their dirty work. The mod launches its spy module when the phone is powered on or starts charging.

This spy module harvests sensitive information from the infected device, including the IMEI, phone number, mobile country code, and mobile network code. Additionally, it requests configuration details like data upload paths and intervals for communication with the command-and-control (C&C) server. The module also transmits information about the victim’s contacts and accounts every five minutes.
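A defender can triage a suspect mod for this pattern before installing it. The following is an added example, not code from the original article or from the analysts it cites: it reads a decoded AndroidManifest.xml (for instance, one extracted with a decompiler) and flags apps that combine boot or charger-connected broadcast receivers with permissions for phone identifiers, contacts and accounts. The mapping of the described behavior to these Android broadcasts and permissions, the function name `triage_manifest`, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS

# Broadcasts matching the triggers the article describes (assumed mapping).
TRIGGER_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED": "phone powered on",
    "android.intent.action.ACTION_POWER_CONNECTED": "charger connected",
}
# Permissions that gate the data the article lists (assumed mapping).
DATA_PERMISSIONS = {
    "android.permission.READ_PHONE_STATE": "device and phone identifiers",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.GET_ACCOUNTS": "accounts",
}
INTERNET = "android.permission.INTERNET"

# Constructed sample: decoded manifest of a hypothetical modded messenger.
SAMPLE_MOD = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wamod">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".sync.PowerReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed sample: a hypothetical alarm app that only restarts on boot.
SAMPLE_BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.alarm">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".RescheduleReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Return trigger receivers, data permissions and a combined flag."""
    root = ET.fromstring(xml_text)
    requested = {p.get(NAME) for p in root.iter("uses-permission")}

    # (receiver name, action) pairs for boot / charger-connected broadcasts.
    triggers = sorted(
        (recv.get(NAME), act.get(NAME))
        for recv in root.iter("receiver")
        for act in recv.iter("action")
        if act.get(NAME) in TRIGGER_ACTIONS
    )
    data_perms = sorted(requested & set(DATA_PERMISSIONS))
    has_network = INTERNET in requested

    return {
        "package": root.get("package"),
        "triggers": triggers,
        "data_permissions": data_perms,
        "network": has_network,
        # Any one signal is common in legitimate apps; the combination of
        # auto-start, personal-data access and network access is what
        # warrants a closer look. A flag is a prompt for review, not proof.
        "suspicious": bool(triggers) and bool(data_perms) and has_network,
    }


if __name__ == "__main__":
    for label, manifest in (("mod", SAMPLE_MOD), ("benign", SAMPLE_BENIGN)):
        result = triage_manifest(manifest)
        print(label, result["package"], "suspicious:", result["suspicious"])
        for receiver, action in result["triggers"]:
            print("  trigger:", receiver, "on", TRIGGER_ACTIONS[action])
        for perm in result["data_permissions"]:
            print("  reads:", DATA_PERMISSIONS[perm])
```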

Distribution Channels

Experts have discovered that these spyware-laden WhatsApp mods are distributed through Telegram channels, those in the Arabic and Azeri languages. These channels boasted a subscriber base of two million users. Telegram was promptly notified about the activities taking place on these channels. Experts downloaded the versions of these mods from the channels and, unsurprisingly, uncovered a spy module in each one, confirming their suspicions.

Websites distributing malicious mods

In addition to Telegram channels, these infected mods are distributed through websites dedicated to WhatsApp modifications.

Malicious WhatsApp Mods Target Middle East Users

The spyware has targeted Arabic-speaking users in particular, with messages sent to the spyware’s control server being in Arabic. This suggests that the person behind the spyware is likely fluent in Arabic.

The top five countries with the highest number of attacks were Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt.

How to Stay Safe

To protect yourself, it’s essential to be cautious when using unofficial or modded apps. Stick to the official versions of apps like WhatsApp to ensure your privacy and security. Using official apps ensures you’re not putting your personal information at risk.

If you’re tempted by the additional features offered by modded apps, consider using a reputable security solution to protect your device. A good security app can help detect and block any malware, giving you peace of mind when using third-party apps.

It’s always better to be safe than sorry when it comes to your online privacy. Stick to official apps, use security software, and stay vigilant against potential threats. Your privacy is worth it.

Dangerous WhatsApp Scams You Should Avoid
https://gridinsoft.com/blogs/whatsapp-scams/
Fri, 09 Dec 2022 17:33:16 +0000

WhatsApp scams are constantly evolving, and some are difficult to identify. However, certain methods can identify the most common red flags. Read on for information on WhatsApp scams and how to avoid them.

What is WhatsApp Scam?

Although WhatsApp’s encryption is end-to-end, it doesn’t completely protect users from being hacked. Furthermore, users are at risk of other scams besides hackers breaching their encryption. For example, cybercriminals can utilize WhatsApp to send messages that deceive people into disclosing financial or personal information, such as a password or Social Security number. They can also trick you into clicking a malicious link by impersonating a friend and creating a message that looks like a notification from a legitimate company. Scammers could also impersonate you and take out credit cards or borrow money.

How to spot WhatsApp scams

Because fraudsters are getting more clever, it’s easier to notice new scams if you are aware of specific signs. Learning which clues to look for can reduce the chances of getting scammed. For example, most scam messages on WhatsApp show signs like these:

  • They ask you to take immediate action. Fraudulent texts are often alarming; they state that your accounts are suspended or the government will prosecute you.
  • Grammar and stylistic mistakes. Text messages from legitimate companies (like banks) will not have spelling errors. If you receive a text that has mistakes and prompts you to take action on a personal account or follow a link, it’s likely fraudulent.
  • No one knows them. Do a quick Google search to confirm that the number the message was sent from belongs to whoever the sender claims to be. You may discover that the number has nothing to do with the organization or agency the text claims to come from.
  • You’ve been randomly selected to receive a prize. Some WhatsApp spam messages claim you’ve won in a draw you didn’t participate in. They request that you divulge personal information to claim your prize or click a link for additional information.
  • Avoid unfamiliar links. Spammers can utilize links to compromise your device or lead you to a fraudulent website that steals information. Be cautious of links you don’t recognize or that take you to websites you don’t frequent. Some links may appear familiar, but if you closely examine them, you might notice that some letters or numbers are missing or extra.
  • They are typically sent from a long phone number, which is unusual. Receiving an unsolicited offer from a number 11 digits long is likely WhatsApp fraud. Marketing texts are typically sent from six-digit phone numbers, also known as six-digit codes or SMS short codes.

Types of Scams on WhatsApp

Many scammers on WhatsApp have similar intentions and objectives. Scammers want to obtain your personal information for fraudulent purposes, install malware on your device that could hold it hostage, or attempt to extort money from you by pretending to be someone they’re not.

1. Romance Scammer WhatsApp (WhatsApp Scams Dating)

Romance scams are particularly prevalent on online dating platforms like Tinder or eHarmony. However, once paired with someone through these dating services, the schemer might convince you to move the conversation to WhatsApp. The criminal attempts to connect with you emotionally, sometimes professing their undying love and how they would leave their current situation to be with you. Then, they request money with the justification of needing financial assistance, which is why it is very important to be wary of WhatsApp dating scams.

Example of WhatsApp scam

2. WhatsApp account access phishing

Scammers abuse the WhatsApp feature that allows the same account to be used on multiple devices. A six-digit code unique to that device is required to activate another device. Scammers utilize various methods to get this code from the victim. The primary method of WhatsApp phishing is to befriend you, gain your trust, and then ask you for the code, claiming that it was sent to you by mistake.

3. WhatsApp pretexting scam

This is a variation of the previous one. This WhatsApp attack begins when the victim receives two messages simultaneously. One of the messages is an apology from an alleged acquaintance or relative who mistakenly sent a verification number to the victim’s account instead of their own. They then go on to request the 6-digit number the victim just received. Individuals only receive a verification code via WhatsApp if they’re creating a new account or attempting to access their account on a different device. In this scenario, the scammer is trying to access the victim’s account and needs the verification code to complete the deception. If you receive a 6-digit verification code that is entirely unexpected, you may be the target of a scam.

4. WhatsApp Business account scams

WhatsApp Business accounts can only be messaged by end-to-end encrypted means. These accounts are only accessible by businesses that use the WhatsApp Business app or handle and store customers’ messages themselves. When messaging a business through WhatsApp, users’ messages will be delivered securely to the intended recipient. When a hacker takes control of your WhatsApp account, they can view your messages and contact list. Hackers reportedly access accounts via automated phone services that forward calls to a different number; they can also bypass online security by forwarding voice OTP verification codes to a different phone number.

5. Tinder WhatsApp scam

The Tinder account verification scam involves a match presenting you with a fake bot that asks you to verify your account through a specific link. The bot provides the link to make it seem like a legitimate request from Tinder, which it isn’t. The link takes you to a site outside Tinder that requests private information, like your full name, email address, birth date, and credit card number. These sites don’t contain Tinder codes; instead, they ask for suspicious data. To access these services, users need to provide their personal information. This includes their credit card number and subscription information to adult websites. Some users report that subscriptions to these websites can cost up to $120/month and are extremely difficult to cancel. Have you ever run into a Tinder scam on WhatsApp?

7. WhatsApp job scams

To increase the appeal, the scam WhatsApp message includes information about the daily salary: “You have been selected for the interview; your wage will be 800/day.” Some messages will have a different number. However, the method of operation remains the same. Sometimes, the link takes you to a fraudulent website that collects your information. Frequently, there is a real person on the other end, though they will request personal information or demand a fee via UPI. In this instance, adding ‘wa.me’ before a phone number in your web browser will direct you to a WhatsApp chat. As a result, scammers on the other end will likely request additional information, which you should avoid providing at all costs. Have you ever run into scam WhatsApp messages?

8. WhatsApp crypto scams

Cryptocurrency scams are prevalent and involve con artists who pretend to be financial experts and offer too-good-to-be-true opportunities. They may also counsel you to transfer your existing funds from a legitimate crypto exchange to a fraudulent one they control.

How to Avoid Harm from WhatsApp Hacker Attacks

  • Use two-factor authentication (2FA). Two-factor authentication benefits any online account, not just your WhatsApp account. This setup ensures a secondary layer of security when logging into apps. Before accessing WhatsApp, a one-time code is sent to your email, phone, or an authentication app.
  • Make a call for confirmation. If the individual who sent you the message said that the number had been disconnected or their phone was broken, contact the number they provided. If you can’t communicate with them via phone, attempt to contact them directly on social media to verify before sending any money.
  • Do not respond to messages requesting money. This advice is common for all WhatsApp hacker attacks, not just WhatsApp scams. Trust your instincts and analyze the text and language. Is the individual requesting money speaking differently than they usually would? If the request for money is legitimate, they would likely communicate through other means, not just WhatsApp.
  • Report the incident and scam to WhatsApp. Be aware of the importance of reporting any unusual activity and WhatsApp fraud. WhatsApp can then attempt to remove these fraudulent accounts and prevent other users from being victimized by similar scams. To report a number on WhatsApp:
    1. Launch the chat with the user you want to report.
    2. Click the contact name.
    3. Click Report Contact.
    4. After that, click Report And Block.

WhatsApp Hacked, Almost 500 Million Users Exposed
https://gridinsoft.com/blogs/whatsapp-hacked/
Mon, 28 Nov 2022 21:02:32 +0000

On November 28, 2022, information regarding a new WhatsApp breach appeared. The hacker has been offering a database with stolen data for sale since November 16. The offered pack contains the data of over 487 million users from up to 84 countries.

WhatsApp hacked with user data exposure

WhatsApp, one of the most popular messaging applications under the sun, was reportedly hacked a couple of weeks ago. The messenger offers end-to-end encryption, but the breach seems to stem from a back-end issue. According to the hacker, the leaked information contains the phone numbers of the messenger’s users. The forum post in which the hacker offers the stolen data was published on November 16, hence the breach itself happened around this date.

Forum post that offers WhatsApp users’ data for purchase

The leak includes the data of more than 487 million users from 84 countries. Among them are European, Middle Eastern, Asian, African countries, and both Americas. The cybercriminal offers the database for purchase in parts, by country or region. It is not clear if someone can buy the entire leak, but the prices for parts show that it will not be cheap. For instance, the UK database is priced at $2500, same as Germany. Meanwhile, the pack with US users costs $7000. To try out the leak, the hacker offers a test sample of ~1000 numbers from the list.

What is the danger of such a leak?

A phone number is an important identifier of a person, one that makes phishing attacks and impersonation possible. Threat actors can use phone numbers to perform mass spamming through SMS, as well as robocalls. Alternatively, crooks may spam you through messengers, including WhatsApp itself. These messages are not dangerous themselves, but any interaction with them can end up with more intensive spam or, if you are not careful, with losing your money or reputation.

The example of SMS spam, which mimics the message from BofA

The other side of that sad story is the questions it raises about WhatsApp security. Apparently, this is not the first time WhatsApp has been hacked. The other Meta products, Facebook and Instagram, have not avoided this ill fame either. Besides being vulnerable to hackers’ attacks, these apps are also famous for their data collection capabilities. Nothing else can track your activity and interests in such an intensive manner. Targeted ads there, however, have subpar quality, so it is questionable if there’s any useful motive for using these services.

How can I protect myself?

As you can see from the recent cases with WhatsApp, Facebook and other social media, when you are about to drown, you have to save yourself. It is not clear how the hack happened, but it is clear how you can decrease the amount of your data that hackers can reach.

  1. Don’t share personal information. Untargeted spam in social networks has become a usual thing, but in more sophisticated cases, crooks rely upon the details you share on your profile. The less information you post, the less convincing the phishing that crooks can perform.
  2. Keep an eye on recent breaches. In some cases, it is not phone numbers but usernames and passwords that are exposed. If you see news about a possible breach, it is better to change your credentials preventively. Either way, such a procedure greatly increases your security.
  3. Use anti-spam apps. Not all of the hacks are loud enough to become public as soon as they happen. Most of the time, hackers will be able to sell considerable amounts of data they stole on the Darknet. To preventively avoid the consequences of this, use programs that automatically detect and delete spam SMS. They usually work by comparing the sender’s number with a pre-composed database. However, be careful with these apps as well, since they can malfunction sometimes, or leak your info to a third party. Use only well-proven ones.

Meta Finds over 400 Chinese Apps That Stole Data from 1 million Users
https://gridinsoft.com/blogs/meta-and-chinese-apps/
Wed, 12 Oct 2022 17:51:38 +0000

Meta has sued several Chinese companies (including HeyMods, Highlight Mobi and HeyWhatsApp) for developing and using “unofficial” WhatsApp apps for Android. The fact is that since May 2022, these applications have been used to steal more than a million WhatsApp accounts.

By the way, also read our article: Top Facebook Scams 2022: How to Avoid Them.

According to court documents shared by Bleeping Computer journalists, malicious applications, in particular, were available for download from the websites of the companies themselves, as well as through the Google Play Store, APK Pure, APKSFree, iDescargar and Malavida.

Once installed, the applications (including AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods and Theme Store for Zap) used the built-in malware to collect sensitive user information, including authentication data, and then took over other people’s WhatsApp accounts to send spam.

“After the victims installed the malicious apps, they were prompted to enter their WhatsApp user credentials and grant access to WhatsApp to the malicious apps,” the documents state.

At the same time, according to the official statistics of the Google Play Store, the AppUpdater for WhatsPlus application alone has been installed more than a million times.

A gambling site that spammers advertised on WhatsApp

Will Cathcart

It is worth noting that last summer, the head of WhatsApp, Will Cathcart, warned users not to download modified versions of WhatsApp, and cited HeyMods and HeyWhatsApp as examples. Cathcart wrote that the company’s security service had discovered hidden malware in these applications, whose main goal is to steal users’ personal information.

Interestingly, at the same time that the media learned about this lawsuit, Meta published an official press release stating that it had discovered more than 400 malicious applications that stole user data. However, this concerns not only applications for Android (355) but also applications for iOS (47), and their stated purpose was the theft of Facebook account credentials.

“These apps were hosted on the Google Play Store and the Apple App Store and disguised as photo editors, games, VPNs, business apps, and other utilities to trick people into downloading them,” the company said.

By prompting victims to “Log in with Facebook,” the apps ended up stealing user credentials, hijacking other people’s accounts, and being able to “perform activities such as sending messages to friends and gaining access to personal information.”

More than a million users have reportedly been notified of the potential compromise and are now urged to change their passwords and enable two-factor authentication.

Unlocking the Secrets of Messaging Apps: An In-Depth FBI Study Guide on Accessible Data for Law Enforcement
https://gridinsoft.com/blogs/fbi-study-guide-showed-what-data-officers-can-get-from-messengers/
Thu, 02 Dec 2021 06:08:00 +0000

An FBI study guide has been made publicly available as part of a Freedom of Information law request filed by Property of the People, an American non-profit organization that deals with government transparency.

The resulting document contains training tips for agents and explains what kind of data can be obtained from the operators of various messengers and what legal permissions will be required for this.

Secure Messaging Apps Data

The document is dated January 7, 2021, and, in general, does not contain any fundamentally new information, but it gives a good idea of what information the FBI can currently receive from services such as iMessage, Line, WhatsApp, Signal, Telegram, Threema, Viber, WeChat and Wickr.

“It was previously known that the FBI has legal leverage to obtain personal information even from the operators of secure messengers (which usually focus on confidentiality),” Forbes reporter Thomas Brewster said on Twitter.

In general, the training document confirms that usually the FBI cannot access the encrypted messages themselves, but they can request other types of information that can also be useful in investigations.

Application: Legal Permissions and Other Details

Apple iMessage
  • Reading message content is limited.
  • Summons: Helps you find out basic information about a subscriber.
  • 18 USC §2703 (d): Helps to identify requests in iMessage 25 days from the specified date.
  • Pen Register: Impossible.
  • Search warrant: Helps you get backups from the target device; if the target uses iCloud backups, encryption keys must be provided, and iMessages can also be retrieved from iCloud if the target has activated Messages in iCloud.

Line
  • Reading of message content is limited.
  • Registration data of the suspect and/or victim (profile picture, name, email address, phone number, LINE ID, registration date, etc.).
  • Usage information.
  • Content of text chats for a maximum of 7 days for specified users (only if end-to-end encryption is not active and not used, and only if a valid warrant is received; however, videos, images, files, location data, voice calls, and other such data will not be disclosed).

Signal
  • The content of messages cannot be read.
  • Date and time of user registration.
  • Last date when the user was connected to the service.

Telegram
  • The content of messages cannot be read.
  • User contact information is not provided to law enforcement to comply with a court order.
  • According to Telegram’s privacy statement, for confirmed terrorist investigations Telegram may disclose the IP address and phone number to the relevant authorities.

Threema
  • The content of messages cannot be read.
  • A hash of the phone number and email address, if provided by the user.
  • Push token, if using a push service.
  • Public key.
  • Date (no time) when the Threema ID was created.
  • Date (no time) of last login.

Viber
  • The content of messages cannot be read.
  • Provided credentials (i.e. phone number), registration data, and IP address at the time of creation.
  • Message history: time, date, source number, and destination number.

WeChat
  • The content of messages cannot be read.
  • Subpoenas and requests to save accounts are accepted, but data for accounts created in China is not provided.
  • For accounts outside of China, basic information (name, phone number, email address, IP address) is provided; it is retained as long as the account is active.

WhatsApp
  • Reading message content is limited.
  • Subpoena: Helps you get basic subscriber data.
  • Court order: Same as subpoena, plus information about blocked users.
  • Search warrant: Lets you get contacts from the target’s address book and find out which WhatsApp users have the target in their address book.
  • Pen register: Transmits source and destination metadata for every message every 15 minutes.
  • If the target is using an iPhone and iCloud backup is enabled, the data from iCloud may contain WhatsApp data, including the content of messages.

Wickr
  • The content of messages cannot be read.
  • The date and time the account was created.
  • The type of devices on which the application is installed.
  • Date of last use.
  • Number of messages.
  • The number of external IDs (email addresses and phone numbers) connected to the account, but not the IDs themselves in plain text.
  • Avatar.
  • Limited information about recent changes to account settings, including adding or stopping devices (does not include message content or routing and delivery information).
  • Wickr version number.

Let me remind you that I also reported that the FBI removed web shells from vulnerable Microsoft Exchange servers without informing owners.

Facebook explained reasons for the global failure
https://gridinsoft.com/blogs/facebook-explained-reasons-for-the-global-failure/
Tue, 05 Oct 2021 14:23:36 +0000

Yesterday, Facebook, Instagram and WhatsApp did not work for more than five hours around the world and after fixing the problems, representatives of the social network explained the reasons for the global outage.

The failure was caused by a BGP routing issue. Currently, all services are already operating normally.

Amid problems with access, rumours of hacking and a colossal data leak began to spread across the network: the company was allegedly hacked and the information of 1.5 billion Facebook users was leaked to the network. This information turned out to be a lie.

Crash

On October 4, at about 6 pm Moscow time, Facebook, Instagram and WhatsApp went offline around the world. Apps didn’t work and browsers showed a DNS error when trying to connect to the sites. An attempt to connect directly to Facebook’s DNS servers also failed.

At first, it seemed that the problem was related to DNS, but later it turned out that everything is somewhat worse.

As experts including Giorgio Bonfiglio, head of Amazon AWS Technical Support, explained, Facebook’s routing prefixes suddenly disappeared from BGP routing tables, making it impossible to connect to any services hosted on those IP addresses.

As it turned out later, when the social networks started working again, the experts were completely right. Facebook issued an official press release stating that the crash was caused by an error while changing the configuration of the backbone routers.

“Our engineering teams found that configuration changes on the backbone routers that coordinate network traffic between our data centres caused problems that interrupted communications. This disruption to network traffic had a cascading effect on our data centres, making our services unavailable,” wrote Santosh Janardhan, VP of Engineering and Infrastructure, Facebook.

The company also reported that the configuration issues impacted its internal systems and tools, making it even more difficult to diagnose and recover. It is worth saying that yesterday, numerous anonymous sources in the media and social networks reported that Facebook employees were not able to quickly get into their own data centres and access critical equipment, because the failure had caused real chaos inside the company itself.

For a better understanding of what happened, Bleeping Computer explained that BGP (Border Gateway Protocol) is the routing protocol on which the entire Internet operates; it allows devices on one side of the world to connect to devices on the other using routes (prefixes).

“To make it easier to understand: BGP is similar to the “mail system” of the Internet, facilitating the transfer of traffic from one (autonomous) system of networks to another. When a network wants to be seen on the Internet, they must communicate their routes or prefixes to the rest of the world. If these prefixes are removed, no one on the Internet knows how to connect to [Facebook] servers,” said Lawrence Abrams, head and founder of Bleeping Computer.

“Because Facebook configured its entire organization to use a domain registrar and DNS servers hosted on their own routing prefix, when the prefixes were removed, no one could connect to those IP addresses and the services running on them.”

Facebook developers have already apologized for what happened:

Anyone affected by our platform disruptions today: sorry. We know that billions of people and businesses around the world depend on our products and services and must stay connected. We appreciate your patience.

Interesting consequences

  • Pavel Durov said that amid the global shutdown of Facebook, Instagram and WhatsApp, Telegram’s audience increased by 70,000,000 people in one day. Durov greeted the new users and promised that Telegram will not fail when others fail.
  • According to Haystack analysts, during the five-hour outage, developer activity increased significantly: the number of pull requests increased by 32%.

Fake leak

During the global shutdown of Facebook and the company’s other services, a real panic arose online. Many media outlets reported that the failure was no accident: the company had allegedly been hacked, and the personal data of one and a half billion users of the social network was now being sold on the darknet.

A huge (about 600 TB) dump that actually appeared recently on the RAID forum allegedly contains names, email addresses, phone numbers, IDs, gender and user locations.

The problem is that this dump went on sale at the end of September, and the data, apparently, was collected using scraping (that is, collecting and aggregating already open data). Such databases appear on the black market regularly. Moreover, as noted by Vice Motherboard, other members of the hacking forum have already accused the seller of fraud.

“Scammer. Sends only [data sample] 20 users. No more. Doesn’t accept escrow (moderator). But he expects you to believe in the [reality] of these 20 samples and send him $5,000. Instead of 1.5 billion, I think it has data from 150 users for social engineering,” writes one of the forum participants.

“Hahahaha 600 TB of Mark Zucker’s burger selfies :D,” another RAID user laughs.

Researchers at PrivacyAffairs report that the seller denies these allegations and continues to claim that the data is genuine, but there is little faith in this, as many researchers and information security journalists note.

Let me remind you that I also said that Information of 533 million Facebook users leaked to the public.

Dangerous bug in WhatsApp could lead to disclosure of user data https://gridinsoft.com/blogs/dangerous-bug-in-whatsapp-could-lead-to-disclosure-of-user-data/ Fri, 03 Sep 2021 22:40:41 +0000

Check Point specialists spoke about a dangerous bug they discovered in the WhatsApp image processing function, which could lead to the disclosure of user data.

The problem could crash the application. In addition, by applying certain filters to a specially crafted image and sending it to a potential victim, an attacker could exploit the vulnerability and gain access to confidential information from WhatsApp memory.

Back in November 2020, experts found out that switching between different filters in specially prepared GIFs caused WhatsApp to crash.

“The vulnerability related to the WhatsApp image filter functionality and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker,” Check Point researchers say.

The researchers identified one of the crashes as memory corruption and immediately reported the problem to the developers, who assigned it the ID CVE-2020-1910 (7.8 on the CVSS scale) and described it as an out-of-bounds read/write vulnerability.

As a result, in February 2021, the WhatsApp developers released a revised version of the app (2.21.1.13), which introduced two new checks for original and modified images.

The root of the problem lies in the “applyFilterIntoBuffer()” function, which works with image filters: it takes the original image, applies the filter selected by the user to it, and then copies the result to the buffer.

By reverse engineering the libwhatsapp.so library, the researchers found that the vulnerable function works on the assumption that the original and modified images have the same dimensions and the same RGBA colour format.

Given that each RGBA pixel is stored as 4 bytes, a malicious image with only 1 byte per pixel can be used to gain out-of-bounds memory access as the function tries to read and copy four times as much data from the buffer.
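The size mismatch described above, shown as an added example (this is not WhatsApp’s code or its actual patch): a filter routine that refuses to touch any pixel unless both images are RGBA, have matching dimensions, and have rows large enough for 4 bytes per pixel. The struct, format codes and function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical image descriptor: names and format codes are assumptions. */
enum pixel_format { FMT_RGBA_8888 = 1, FMT_GRAY_8 = 2 };

struct image {
    uint32_t width, height;
    uint32_t stride;            /* bytes per row in the backing buffer */
    enum pixel_format format;
    uint8_t *pixels;            /* stride * height bytes */
};

/* Bytes a filter loop touches when it assumes 4 bytes per pixel. */
size_t rgba_bytes_assumed(const struct image *img) {
    return (size_t)img->width * img->height * 4;
}

/* Bytes that actually back the image. */
size_t bytes_backing(const struct image *img) {
    return (size_t)img->stride * img->height;
}

/* Inverts RGB and keeps alpha. Returns 0 on success, -1 if the images are
 * rejected before any pixel is read or written. */
int apply_filter_checked(const struct image *src, struct image *dst) {
    if (!src || !dst || !src->pixels || !dst->pixels) return -1;
    /* Check 1: both images must be RGBA, 4 bytes per pixel. */
    if (src->format != FMT_RGBA_8888 || dst->format != FMT_RGBA_8888) return -1;
    /* Check 2: same dimensions, and every row really holds width * 4 bytes. */
    if (src->width != dst->width || src->height != dst->height) return -1;
    if (src->width == 0 || src->height == 0 || src->width > UINT32_MAX / 4) return -1;
    size_t row = (size_t)src->width * 4;
    if (src->stride < row || dst->stride < row) return -1;

    for (uint32_t y = 0; y < src->height; y++) {
        const uint8_t *s = src->pixels + (size_t)y * src->stride;
        uint8_t *d = dst->pixels + (size_t)y * dst->stride;
        for (size_t x = 0; x < row; x += 4) {
            d[x] = (uint8_t)(255 - s[x]);
            d[x + 1] = (uint8_t)(255 - s[x + 1]);
            d[x + 2] = (uint8_t)(255 - s[x + 2]);
            d[x + 3] = s[x + 3];
        }
    }
    return 0;
}

/* Constructed sample: 4x4 image stored with 1 byte per pixel (16 bytes). */
int demo_crafted_image(void) {
    uint8_t small[16] = {0}, out[64] = {0};
    struct image src = {4, 4, 4, FMT_GRAY_8, small};
    struct image dst = {4, 4, 16, FMT_RGBA_8888, out};
    printf("loop would read %zu bytes, buffer holds %zu\n",
           rgba_bytes_assumed(&src), bytes_backing(&src));
    return apply_filter_checked(&src, &dst);
}

int main(void) {
    printf("crafted image -> %d\n", demo_crafted_image());
    return 0;
}
```

The stride check matters as much as the format check: an image whose header claims RGBA but whose rows hold only one byte per pixel is rejected the same way.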

Let me remind you that I also reported that Dangerous vulnerabilities in WhatsApp allowed compromising millions of users.

New worm for Android spreads rapidly via WhatsApp https://gridinsoft.com/blogs/new-worm-for-android-spreads-rapidly-via-whatsapp/ Mon, 25 Jan 2021 16:53:30 +0000

ESET security researcher Lukas Stefanko reported new malware: a worm for Android that spreads automatically through WhatsApp messages.

The main purpose of the malware is to trick users into adware or subscription scams.

“The malware spreads through the victim’s WhatsApp app by automatic replies to any WhatsApp messages containing a link to the malicious Huawei Mobile app,” Stefanko said.

The link to the fake Huawei Mobile app redirects users to a site that is very similar to the Google Play Store. Once installed on a device, a malicious application requests access to notifications, which it uses to carry out an attack. In particular, it is interested in the WhatsApp Quick Reply feature, which is used to reply to incoming messages directly from notifications.

In addition to reading notifications, the app also requests permissions to run in the background and draw on top of other apps – overlapping any other app running on the device with its own window, which can be used to steal credentials.

“In its current version, the malicious code is only able to send automatic replies to the victim’s WhatsApp contacts, but in future versions, it may be possible to send replies in other applications that support the quick replies feature in Android,” says Lukas Stefanko.

Although the message is sent to the same contact only once an hour, the message content and the link to the application are retrieved from a remote server, which means that malware can be used to spread other malicious sites and applications.

According to the researcher, it was not possible to establish how the initial infection occurs. It should be noted, however, that worm malware can spread incredibly quickly from multiple devices to many others via SMS, email, social media posts, channels/chat groups, etc.

It should also be noted that more than 30 million WhatsApp users have abandoned the messenger since the beginning of the year. This was reported by the British newspaper The Guardian.

The ongoing mass exodus of users from WhatsApp is associated with a poorly prepared update of the platform’s terms of service, journalists say. Many saw in them the upcoming end of the confidentiality of correspondence, which is associated with the messenger providing data to its parent company Facebook, whose management has lost users’ trust.

As we said, Facebook gives US lawmakers the names of 52 firms it gave deep data access to.

As you know, the changes to the WhatsApp terms of service were initially supposed to take effect on February 8. However, because the number of users began to decline rapidly, their introduction was postponed to 15 May.

Google Search Indexes WhatsApp Private Groups https://gridinsoft.com/blogs/google-search-indexes-whatsapp-private-groups/ Mon, 24 Feb 2020 16:57:42 +0000

The Google search engine indexes invitations to WhatsApp groups (including links to private groups), which makes them visible and accessible to any user who wants to join the group.

The journalist Jordan Wildon drew attention to the problem. He found that the WhatsApp “Invite to Group link” feature allows Google to index these groups, making them available in a general search on the Web, as links are distributed outside the secure WhatsApp service.

“Your WhatsApp groups may not be as secure as you think they are. The “Invite to Group via Link” feature allows groups to be indexed by Google and they are generally available across the internet. With some wildcard search terms you can easily find some… interesting… groups”, — wrote Jordan Wildon.

Private WhatsApp conversations are usually only accessible via an invite code handed out to group members by the chat moderator. But this code is simply a string of text and a URL, and it seems that at least some of these are being indexed so they are findable by anyone via Google.

During the investigation, Motherboard reporters found private groups using a specific Google search. In particular, they managed to join a group dedicated to NGOs accredited by the UN and gain access to a list of all 48 participants and their phone numbers.

If desired, group administrators can make the chat link invalid; however, according to Wildon, in such cases WhatsApp only generates a new link and does not always disable the original one.

As Facebook/WhatsApp representative Alison Bonnie explained, as with any content distributed through public channels, if an invitation link is shared on the Internet, any WhatsApp user can find it.

“Links that users want to share privately with trusted people should not be published on a public site”, — Bonnie said.

But ethical hacker @HackrzVijay said he had reported the issue to WhatsApp owner Facebook back in November, and Facebook had not done anything about it. In fact, it’s an “intentional product decision”, Facebook said, and group admins “can invalidate the link if so desired.”

In addition, although Facebook representatives were “surprised” that the links are indexed by Google, WhatsApp/Facebook admitted that they can’t control Google indexing.

Group chats seem to be a WhatsApp pain point. Only recently I wrote that an attacker in a WhatsApp group chat could disable messengers of other participants, and I wonder what would happen to the chats of serious organizations if cybercriminals knew about these two vulnerabilities at once?

Number of linked with WhatsApp phishing URLs increased by 13 467% https://gridinsoft.com/blogs/number-of-linked-with-whatsapp-phishing-urls-increased-by-13-467/ Fri, 21 Feb 2020 16:20:39 +0000

According to Vade Secure’s report, the number of phishing URLs related to Facebook grew by 358.8%, and the number related to WhatsApp by 13,467%.

Vade Secure published a report on phishing threats in the fourth quarter of 2019. Researchers identified the 25 brands that phishers use most widely, compiling this list by analyzing a variety of phishing URLs.

As a result, researchers put WhatsApp in fifth place with 5,020 unique phishing URLs. This means that the messenger has risen from 63rd to 5th place in the list of the most counterfeited brands used in phishing attacks, having shown rapid growth of 13,467%.

“Digging into WhatsApp, the staggering growth in phishing URLs stems primarily from a campaign inviting recipients to the so-called Berbagi WhatsApp group, which advertises pornographic content. Moreover, it appears web hosting provider 000webhost was hacked and used to host the phishing pages”, — explain Vade Secure researchers.

The messenger is going through hard times: only recently I reported that Dangerous vulnerabilities in WhatsApp allowed compromising millions of users.

Also in the top 25 of the most popular brands among phishers were Facebook, which took second place, and Instagram, which rose 16 positions to 13th place. Phishers used Facebook as a decoy in 9,795 phishing URLs, and Instagram in 1,401, which almost doubled over the previous quarter and showed an increase of 187.1%.

Top-10 brands in phishing by Vade Secure

Although the number of phishing attacks related to Facebook decreased by 18.7% in the fourth quarter of 2019, on an annual basis this indicator increased by 358.8%. It is worth noting that Facebook launched a new payments system in November called Facebook Pay. Available across Facebook, Messenger, Instagram, and WhatsApp, Facebook Pay enables users to send money to friends, purchase goods, or even donate to fundraisers.

“It will be interesting to see whether Facebook Pay drives further growth in phishing across Facebook’s brands, particularly if the size of the service’s user base reaches and exceeds PayPal’s”, — note Vade Secure researchers.

Additionally, the popularity of Facebook Login could be one reason social networks are popular among phishers. With the credentials for a Facebook account in hand, phishers can see which other applications the user has logged in to with social sign-on, and then compromise those accounts.

What is more, cybercriminals, instead of looking for financial returns from phishing on social networks, can collect credentials and then try to reuse passwords to crack other online services. Finally, a Google survey conducted in 2019 showed that two out of three people use the same password for multiple accounts.
