WolfRAT Android Malware Targets WhatsApp, Facebook Messenger
#1
Information 
Quote:A new Android malware family has been discovered, which targets popular messaging apps like WhatsApp and Facebook Messenger to gather intelligence on Android victims.
 
The malware, dubbed WolfRAT, is under active development, and was recently identified in campaigns targeting Thai users. Researchers assess with “high confidence” that the malware is operated by Wolf Research, a Germany-based spyware organization that develops and sells espionage-based malware to governments.
 
“The chat details, WhatsApp records, messengers and SMSs of the world carry some sensitive information and people choose to forget these when communications occur on their phone,” said Warren Mercer, Paul Rascagneres and Vitor Ventura, researchers with Cisco Talos, in a Tuesday analysis. “We see WolfRAT specifically targeting a highly popular encrypted chat app in Asia, Line, which suggests that even a careful user with some awareness around end-to-end encryption chats would still be at the mercy of WolfRAT and it’s prying eyes.”
 
Warren Mercer, technical lead at Cisco Talos, told Threatpost that he believes the infection vector was via phishing/smishing links sent to users devices. Researchers found that the command-and-control (C2) server domain is located in Thailand and contains references to Thai food, giving a clue about what the lure could potentially be.
 
Once downloaded, WolfRAT poses as legitimate services, such as Google Play apps or Flash updates, by using their icons and package names. These are normally functional packages, with no user interaction needed, Mercer said. For instance, the malware uses a package name (“com.google.services”) to pretend to be a Google Play application.
 
“The name appears generic enough to make a non-tech savvy user think it is related to Google and is a required part of the Android Operating System. If the user presses the application icon they will only see generic Google application information injected by the malware authors,” Mercer told Threatpost. “This is aimed at ensuring the application is not uninstalled by the victim.”

Read more: https://threatpost.com/wolfrat-android-m...er/155809/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Find out if an USB device is fake with f...
Fake USB devices c...harlan4096 — 08:47
Windows 11 KB5048685 Update causes Wi-Fi...
The KB5048685 Upda...harlan4096 — 12:36
Windows 11: issue may prevent further in...
The latest version...harlan4096 — 08:47
Notepad++ v8.7.5 (2024-12-25)
Notepad++ v8.7.5 (...harlan4096 — 08:16
AdGuard for Mac 2.16.2
AdGuard for Mac 2....harlan4096 — 08:13

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>