Malware is designed to do all kinds of things. Whether it’s planting fake and spam ads on a phone, gaining access to your financial information, or taking it over completely. A new report by Osservatorio Nessuno, an Italian digital rights organization, uncovered a new spyware called Morpheus that allows the attacker to snoop on your apps, like your WhatsApp messages.
New Morpheus spyware can snoop on your WhatsApp
Based on their findings, researchers have linked this spyware to an Italian company called IPS. For those unfamiliar, IPS is a company that has been in operation for more than 30 years. The company supposedly provides access to lawful interception technology. Basically, tools that are apparently sanctioned by government and law enforcement agencies.
What makes Morpheus particularly effective is because it’s considered a “low cost” spyware. It relies on simple infection mechanisms, which tricks targets into installing it themselves. When the spyware has been installed, it takes advantage of Android’s accessibility features. This in turn lets the spyware read data on the phone’s screen and interact with other apps.
One of the ways the Morpheus spyware tricks users into accessing their WhatsApp is that first it spoofs the app. Then, it launches a biometric screen asking users to prove it’s them. However, what this does is that it effectively grants the spyware access to their account.
Not just for criminals
What makes this particular spyware concerning is that it’s not necessarily used by criminals. Like we said, IPS claims to offer lawful interception technology. This means that it’s most likely used by governments and law enforcement agencies to track suspects and targets. In fact, the researchers found that the infection process was aided by telecom providers.
In one instance, the telecom provider deliberately blocked the target’s mobile data. They then sent the target an SMS, asking them to install an app that would supposedly “update their phone.” However, in reality, this allowed the attackers to install the spyware on the device.
We guess we shouldn’t be surprised at this point. It was just last month there was a report that revealed a hacking toolkit used by the US government had made its way onto the black market. The act of governments and law enforcement using tools to bypass security systems have been well-documented as well.
The post This New Android Spyware Uses a WhatsApp Trick to Hand Over Your Account appeared first on Android Headlines.
