WhatsApp is one of the most popular IM services in the world. The Meta-owned site has millions of users in India, making it a tempting target for cybercriminals. Users of WhatsApp have often been the target of scammers and cybercriminals planning to obtain their personal information via a variety of means.
Hackers have started deploying a bogus Android software named ‘SafeChat’ to infect smartphones with spyware malware, bringing attention to the platform once again. This spyware not only takes WhatsApp information, but also messages, calls, and GPS coordinates from the phones it infects.
ABOUT THE APP
Security experts believe that this virus is a variant of CoverIm, a type of malware known for stealing information from a wide range of messaging and calling applications. The so-called “SafeChat” program operates by deploying “malicious” payloads sent through WhatsApp messages.
The cybercriminal group behind this spyware is suspected to be “Do Not,” while the attacks in India are attributed to APT Bahamut. This virus is believed to be a more advanced form of Cover, In capable of stealing data from popular messaging services such as WhatsApp, Telegram, Viber, Facebook Messenger, and Messenger.
The process of infection begins when a user installs the “SafeChat” app on their device. Upon its first launch, the app disguises itself as a secure means of online communication. If the user clicks on a pop-up message and unknowingly grants permission, the malware initiates the attack.
The potential risks to users are significant, as the spyware can compromise their security questions, personal messages, and other sensitive information. Given the severity of the threat, cybersecurity experts warn users to be extremely cautious when installing any app, including “SafeChat.” If a user has already installed the app and suspects their device is infected, they should take immediate action by deleting the app and clearing their device cache to mitigate potential damage.
OTHER METHODS USED BY HACKERS
Hackers use various methods and apps to steal information from WhatsApp users. These malicious apps and techniques often target users’ personal data, messages, and other sensitive information. Some of the common ways hackers exploit WhatsApp include:
Phishing Apps: Hackers create fake WhatsApp login pages or apps that resemble the official WhatsApp interface. Unsuspecting users may be tricked into entering their login credentials, which are then captured by the hackers. These stolen credentials can be used to access the victim’s WhatsApp account and extract information.
Spyware and Malware: Spyware and malware apps are designed to infect users’ devices without their knowledge. Once installed, they can gain unauthorised access to WhatsApp data and conversations, including messages, calls, and media files. Spyware apps may also track the user’s location and monitor their online activities.
Fake WhatsApp Extensions: Hackers may create browser extensions or add-ons that claim to enhance WhatsApp functionality. However, these fake extensions can inject malicious code into the user’s browser, leading to data theft and compromising the security of their WhatsApp account.
Social Engineering Attacks: Instead of relying on technical exploits, hackers may use social engineering techniques to trick users into revealing sensitive information. For example, they might impersonate someone the victim trusts or send fake messages claiming to be from WhatsApp support, asking for account verification or personal details.
Third-party WhatsApp Mods: While WhatsApp itself is secure, some users may download third-party modified versions of the app (WhatsApp mods) from unofficial sources. These mods often promise additional features or customization options but can be laden with spyware or malware designed to steal information.
Wi-Fi Sniffing: Hackers may set up rogue Wi-Fi hotspots in public places, enticing users to connect. Once connected, the hacker can intercept and sniff data transmitted over the network, potentially capturing sensitive WhatsApp information.
In conclusion, the presence of the “SafeChat” spyware highlights the ongoing risks of cyber threats targeting popular IM services like WhatsApp. Users must remain vigilant and exercise caution when interacting with unknown applications to protect their personal information and privacy from malicious actors. Regularly updating device software and using reliable security tools can further enhance online safety.