A fake version of WhatsApp for iPhones was allegedly designed by Cy4Gate, an Italian surveillance company, according to a report by Motherboard and Toronto-based Citizen Lab. The fake version of WhatsApp was likely used to attack specific targets, according to the report.
Cy4Gate has denied creating the spyware product and has denied any link to the domain names that were found in connection with the attack.
The news about a WhatsApp-based attack on iPhone users was first highlighted by security company ZecOps, which tweeted about it. Later, Citizen Lab worked with Motherboard to find the counterfeit version of the instant messaging app. Citizen Lab has previously reported in detail on how NSO Group’s Pegasus spyware was used to target select users by exploiting a vulnerability in WhatsApp.
According to Citizen Lab, the creators of the spyware tricked targeted users into installing fake WhatsApp configuration files on their smartphones. The stolen data includes the Unique Device Identifier (UDID) and the International Mobile Equipment Identity (IMEI), among other information, the report adds.
A specific domain along with an IP address was used to trick victims into installing Mobile Device Management (MDM) profiles, which then pushed “malware into a target device”. The domain clusters are believed to be linked to Cy4Gate, a charge the company denies.
Citizen Lab also found a phishing page in Italian that has been made to look like an official WhatsApp site. The page says, “To keep in touch with your friends press the ‘download’ button and follow the instructions on the page,” in Italian. The page also has instructions on how to install the configuration file on an iPhone, rather than simply downloading the app from the App Store.
The report notes that when opened, the file says it is from “WhatsApp Inc.” for “WhatsApp Messenger,” which would have further confused the intended victims.
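For defenders triaging a configuration profile a user was asked to install, the following is an added example (not code from the report or from any party named in it) that audits a `.mobileconfig` file for the traits described above. The report does not publish the profile's contents, so the sample profile, the `profile.example.invalid` URL and the brand list are constructed assumptions; the payload type strings are those of Apple's configuration profile format.

```python
import plistlib

# Payload types from Apple's configuration profile format.
RISKY_TYPES = {
    "com.apple.mdm": "enrolls the device in remote management (MDM)",
    "com.apple.security.root": "installs a trusted root certificate",
}
SENSITIVE_ATTRS = {"UDID", "IMEI"}   # identifiers named in the report
APP_BRANDS = ("whatsapp",)           # assumption: apps never shipped as profiles


def load_profile(data: bytes):
    """Return (plist, wrapped). Signed profiles wrap the XML in a CMS blob;
    the signature itself is NOT verified here."""
    try:
        return plistlib.loads(data), False
    except Exception:
        start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
        if start < 0 or end < 0:
            raise ValueError("no property list found")
        return plistlib.loads(data[start:end + len(b"</plist>")]), True


def audit_profile(data: bytes) -> list[str]:
    profile, wrapped = load_profile(data)
    findings = [] if wrapped else ["profile is unsigned"]
    label = f"{profile.get('PayloadDisplayName', '')} {profile.get('PayloadOrganization', '')}"
    for brand in APP_BRANDS:
        if brand in label.lower():
            findings.append(f"claims to be from an App Store app brand: {brand}")
    content = profile.get("PayloadContent", [])
    # Over-the-air enrollment: the profile asks the device to report attributes.
    if profile.get("PayloadType") == "Profile Service" and isinstance(content, dict):
        asked = SENSITIVE_ATTRS & set(content.get("DeviceAttributes", []))
        if asked:
            findings.append(f"requests {sorted(asked)} for {content.get('URL')}")
        content = []
    for payload in content:
        reason = RISKY_TYPES.get(payload.get("PayloadType"))
        if reason:
            findings.append(f"{payload['PayloadType']}: {reason}")
    return findings


# Constructed sample resembling the lure; not a real indicator.
SAMPLE = plistlib.dumps({
    "PayloadType": "Profile Service",
    "PayloadDisplayName": "WhatsApp Messenger",
    "PayloadOrganization": "WhatsApp Inc.",
    "PayloadContent": {"URL": "https://profile.example.invalid/enroll",
                       "DeviceAttributes": ["UDID", "IMEI", "VERSION"]},
})
```

Calling `audit_profile(SAMPLE)` returns three findings: the profile is unsigned, it uses the WhatsApp name, and it requests the UDID and IMEI.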
However, the researchers were unable to figure out what other information the hackers were able to steal once they had managed to successfully enter a target device.
A WhatsApp spokesperson has already confirmed that action will be taken against the counterfeit app. Currently, Facebook and WhatsApp are in a legal battle against Israeli spyware maker NSO Group, which spied on targets worldwide.