Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label WhatsApp. Show all posts
WhatsApp
Banking Data Cyber Attacks Cyber Scams E-Commerce fake Hacking WhatsApp Malaysia Malware Attack Payment Gateway WhatsApp

The Fake E-Shop Scam Campaign Sweeping Southeast Asia, seizing users banking details

 

In recent years, cybercriminals have been increasingly employing sophisticated tactics to target individuals and organizations across the globe. One such alarming trend is the proliferation of fake e-shop scam campaigns, particularly prevalent in Southeast Asia. 

These campaigns, characterized by their deceptive methods and malicious intent, pose significant threats to cybersecurity and personal privacy. The emergence of the fake e-shop scam campaign targeting Southeast Asia dates back to 2021, with a notable surge in activity observed by cybersecurity researchers in September 2022. 

Initially concentrated in Malaysia, the campaign swiftly expanded its operations to other countries in the region, including Vietnam and Myanmar. This expansion underscores the growing sophistication and reach of cybercriminal networks operating in Southeast Asia. At the heart of these malicious campaigns are phishing websites designed to deceive unsuspecting users. 

These websites often masquerade as legitimate e-commerce platforms or payment gateways, luring victims into providing sensitive information such as login credentials and banking details. Once users are enticed to visit these fraudulent sites, they are exposed to various forms of malware, including malicious Android applications packaged as APK files. 

The modus operandi of the attackers involves social engineering tactics, with cybercriminals leveraging popular communication platforms like WhatsApp to initiate contact with potential victims. By impersonating cleaning services or other seemingly innocuous entities on social media, the perpetrators exploit users' trust and curiosity, leading them to engage in conversations that ultimately result in malware infection. 

The malware deployed in these fake e-shop scam campaigns is multifaceted and constantly evolving to evade detection and maximize its impact. Initially focused on stealing login credentials for Malaysian banks, including prominent institutions like Hong Leong, CIMB, and Maybank, the malware has since incorporated additional functionalities. These include the ability to take screenshots, exploit accessibility services, and even facilitate screen sharing, granting the attackers unprecedented control over infected devices. 

Furthermore, the attackers have demonstrated a keen understanding of the linguistic and cultural nuances of their target regions. In Vietnam, for example, the campaign specifically targeted customers of HD Bank, employing phishing websites tailored to mimic the bank's online portal and language. Similarly, in Myanmar, the attackers utilized Burmese language phishing pages to enhance the credibility of their schemes among local users. 

The implications of these fake e-shop scam campaigns extend beyond financial losses and reputational damage. They represent a direct assault on user privacy and cybersecurity, with far-reaching consequences for individuals and businesses alike. The theft of sensitive personal and financial information can lead to identity theft, unauthorized transactions, and even ransomware attacks, resulting in significant financial and emotional distress for victims. 

In response to these evolving threats, cybersecurity experts emphasize the importance of proactive measures to safeguard against malicious activities. This includes exercising caution when interacting with unfamiliar websites or online advertisements, regularly updating antivirus software, and staying informed about emerging cybersecurity threats. 

Ultimately, combating the scourge of fake e-shop scam campaigns requires collective action and collaboration among stakeholders across the cybersecurity ecosystem. By raising awareness, implementing robust security measures, and fostering a culture of cyber resilience, we can mitigate the risks posed by these insidious threats and protect the integrity of our digital infrastructure.
Read more »
WhatsApp updates
Authentication Mobile Security user data security WhatsApp WhatsApp security features WhatsApp updates

WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature

 

In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further emphasizing its commitment to safeguarding user conversations. 

Additionally, WhatsApp has released utilities such as chat lock and app lock to enhance chat security and privacy. One notable feature is chat lock, which allows users to hide private conversations from the main chat lists. By enabling chat lock on a per-conversation basis, users can ensure that sensitive chats remain secure. When activated, users are prompted for biometric authentication, either through face or fingerprint recognition, before accessing locked chats. For users who require comprehensive protection for all their chats, WhatsApp offers app lock functionality. 

This feature, available at a device level on certain Android skins by major OEMs, allows users to secure the entire app with biometric authentication or device passcodes. Recently, in the latest WhatsApp beta version 2.24.6.20, the app's app lock feature underwent significant enhancements. According to findings by WABetaInfo, app lock is expanding to include additional authentication methods beyond just biometric fingerprint recognition. 

The update will introduce options such as face unlock and device passcodes, providing users with more flexibility in securing their chats. The inclusion of multiple authentication methods serves as a backup for fingerprint authentication, ensuring accessibility even in scenarios where fingerprint recognition may not be feasible. 

For example, users wearing gloves can still unlock the app using alternative methods. Moreover, the expansion of authentication options enhances accessibility for users who may face limitations with certain authentication methods. While the introduction of new authentication methods represents a significant improvement to WhatsApp's app lock feature, users are advised to exercise caution when installing the latest beta version. The current beta release may be prone to crashes, potentially compromising the app's core functionality. 

Therefore, it is recommended to await a wider release before attempting to access the new features. In conclusion, WhatsApp's dedication to user privacy and security is evident through its continuous efforts to enhance encryption and introduce innovative security features. The expansion of authentication methods for the app lock feature underscores WhatsApp's commitment to providing users with robust security options while maintaining accessibility and ease of use.
Read more »
WhatsApp
Apple Cyber Crime Cyberattacks CyberCrime DMA Compliant E2EE iMessage Messenger Meta Privacy Protocol Technology Fusion TikTok WhatsApp

Signal Protocol Links WhatsApp, Messenger in DMA-Compliant Fusion

 


As part of the launch of the new EU regulations governing the use of digital "gatekeepers," Meta is ready to answer all of your questions about WhatsApp and Messenger providing end-to-end encryption (E2EE), while also complying with the requirements outlined in the Digital Markets Act (DMA). A blog post by Meta on Wednesday detailed how it plans to enable interoperability with Facebook Messenger and WhatsApp in the EU, which means users can message each other if they also use Signal's underlying encryption protocol when communicating with third-party messaging platforms. 

As the Digital Markets Act of Europe becomes more and more enforced, big tech companies are getting ready to comply with it. In response to the new competition rules that took effect on March 6, Google, Meta, and other companies have begun making plans to comply and what will happen to end users. 

There is no doubt that the change was not entirely the result of WhatsApp's decision. It is known that European lawmakers have designated WhatsApp parent company Meta as one of the six influential "gatekeeper" companies under their sweeping Digital Markets Act, giving it six months to allow others to enter its walled garden. 

Even though it's just a few weeks until the deadline for WhatsApp interoperability with other apps approaches, the company is describing its plans. As part of the first year of the regulation, the requirements were designed to support one-to-one chats and file sharing like images, videos, or voice messages, with plans for these requirements to be expanded in the coming years to include group chats and calls as well. 

In December, Meta decided to stop allowing Instagram to communicate with Messenger, presumably to implement a DMA strategy. In addition to Apple's iMessage app and Microsoft's Edge web browser, the EU has also made clear that the four parent companies of Facebook, Google, and TikTok are "gatekeepers," although Apple's parent company Alphabet and TikTok's parent company ByteDance are excluded. 

ETA stated that before the company can work with third-party providers to implement the service, they need to sign an agreement for interoperability between Messenger and WhatsApp. To ensure that other providers use the same security standards as WhatsApp, the company requires them to use the Signal protocol. 

However, if they can be found to meet these standards, they will accept others. As soon as another service sends a request for interoperability, Meta is given a window of three months in which to do so. The organization warns, however, that functionality may not be available for the general public to access immediately. 

The approach Meta has taken to interoperability is designed to meet the DMA requirements while also providing a feasible option for third-party providers looking to maximize security and privacy for their customers. For privacy and security, Meta will use the Signal Protocol to ensure end-to-end encrypted communication. This protocol is currently widely considered the gold standard for end-to-end encryption in E2EE.
Read more »
WhatsApp
Android Cyberattacks CyberCrime Cybersecurity Meta Technology WhatsApp

WhatsApp's New Twinning Feature: Manage Two Accounts on a Single Device

 


There has been an announcement by Meta that users of smartphone devices will soon have the ability to use two WhatsApp accounts on the same device. 

According to Zuckerberg, switching between work and personal accounts is now much easier with this feature in place – now you don't have to worry about logging out individually each time, carrying two phones, or having your messages sent from the wrong account. 

The WhatsApp Business feature has been in development for a few months now, both in the beta version of WhatsApp and in the business version. Now it is finally available. In a recent press release, Meta said the new capability aimed at making switching accounts easier for users, such as switching between their personal phone numbers and their professional numbers, a feature aimed to simplify life for users. 

There are many people who prefer to maintain two WhatsApp accounts: one for work and one for personal communication. As a result, these users need to download a copying app on Android or setup a WhatsApp Business account on iOS in order to use this method. In this situation, it is important to point out that the multi-account login feature opens up.

It gives users the option to switch from one WhatsApp account to another with just a few taps. For the feature to be enabled, users will need to obtain a new phone number (with a SIM card) or a new phone with multiple SIMs installed in order to use it. Through a one-time password, a verification will be done for the second number by the app.  

There has been some discussion regarding the availability of the feature on Android, but to date, it is only available on Android devices. In the coming weeks, users are expected to receive the new update. Meta also recommends that users only use the official WhatsApp application and not download unofficial or fake versions to make it easier for them to add more accounts. 

WhatsApp assures users that their messages are secure and private, whereas imitations may not provide the same level of security for your messages. Currently, Meta's decision is to create a new feature to make it easier for users to use multiple WhatsApp accounts on different devices in the future. 

As of 2021, Meta has now expanded this feature to include other smartphones, so users will now be able to access their accounts on Android tablets, browsers, or computers using the multi-device feature. As a result, users of Meta will now be able to use their WhatsApp accounts on two different smartphones simultaneously. 

When setting up a second account, users can do so by going to Settings > Add Account. When setting up, they will need their second mobile phone with a SIM or a device that has the physical or eSIM capabilities for multi-SIM. It was announced earlier this week that each account can have its own notifications and privacy settings. 

With the passkey support that WhatsApp launched earlier this week for the Android version, users can no longer use SMS-based two-factor authentication to log into the app. The Chief Executive Officer (CEO) of Meta, Mark Zuckerberg, has unveiled an upcoming functionality that will enable users to utilize two WhatsApp accounts on one device, thereby streamlining the administration of personal and professional dialogues. 

This functionality, initially accessible on the Android platform, is scheduled for global implementation in the forthcoming weeks. Users will be required to possess an extra telephone number for verification purposes. Meta strongly advises against the acquisition of unofficial WhatsApp versions due to security concerns. This advancement is congruent with Meta's endeavours to augment user satisfaction and extend multi-account capabilities across diverse devices.
Read more »
WhatsApp
Calling Cybersecurity IP Masking Privacy Techincal Updation WhatsApp

Securing Your Conversations: WhatsApp Introduces IP Masking for Calls

 


Meta-owned WhatsApp is rolling out a new option on Android and iOS to make it harder for hackers to infer users' location by protecting their IP address in calls. With this new 'protect IP address in calls' feature, users will get to add an extra layer of security to their calls by protecting their IP address and location from malicious actors, reports WABetaInfo. 

Besides allowing users to create AI-generated stickers, WhatsApp is also working on something much more serious. The Meta-owned instant chat messaging platform is planning a new privacy feature that will make IP tracking a lot more difficult to achieve. 

India is witnessing a surge in cyber fraud cases and one of the most vulnerable platforms to these scams is WhatsApp. With millions of active users, the Meta-owned instant messaging app is becoming common ground for scammers to spread their tricks. So, to protect users, Meta is working on a new security feature that will allow users to block their location from being tracked down using their IP address during a call. 

According to WABetaInfo, WhatsApp previously introduced the silence unknown callers feature, allowing users to mute calls from unfamiliar contacts to enhance call privacy. The latest update reveals a new privacy relay feature for calls. 

The toggle states that enabling it would make it more difficult for people to infer your location from your message, and it goes on to explain how WhatsApp would accomplish this task. It's also worth mentioning that it's likely that this feature will remain an opt-in feature that will not be used too often because the quality of users calls would be sacrificed to have this extra layer of security. 

WhatsApp is yet to confirm when the toggle will be available on the stable version, which is expected by the end of the year, but it intends to make it available to all users in the future. However, the company has not yet confirmed the exact date when the toggle will be available on the stable version of the app. 

Using the new IP address protection feature, users can protect their location information during a call, which makes it harder for those they are communicating with to pinpoint their precise location, thus increasing the privacy of their location information during a call. This feature is not yet available on WhatsApp. 

Wabetainfo noticed it during testing and it was first observed in the WhatsApp beta for Android 2.23.18.15 update, but has not been officially announced yet. This means that an upcoming update to the app is likely to include it. 

It seems to us that this privacy safeguard applies to both voice and video calls, as there is no mention that it is limited to voice calls. According to WhatsApp's support page, both calls as well as texts or media that are sent via the platform are protected by end-to-end encryption, which is used to make sure none of the information is disclosed to the wrong parties. 

Overall, it is positive news to hear that WhatsApp is doing its utmost to improve user security, which is especially pertinent given that Meta Platforms has long been accused of neglecting user privacy. In the meantime, WhatsApp has announced that it will now offer a feature called "Silence Unknown Callers" in its settings menu.

Introducing the new feature in an official blog post of Meta, a company that announced it. It revealed the feature would give users more control and privacy over their incoming calls through the "Silence Unknown Callers" feature. For enhanced protection on the platform, the feature will screen out spam, scams, and phone calls from unknown people automatically. 

It has been announced that Mark Zuckerberg, Founder and CEO of Meta, will be releasing a new privacy feature on WhatsApp that allows users to automatically silence incoming calls from unknown contacts, as a more secure means of maintaining privacy and control. 

The new feature, which can be turned on or off, will silence incoming calls from unknown numbers once it is turned on. However, WhatsApp continues to show the call history in the call list tab and notifications so that users are not left out of important calling opportunities.
Read more »
WhatsApp
Cyber Attacks CyberCrime Cybersecurity Jews Lawsuit NSO WhatsApp

WhatsApp Debunks Baseless Claims of Cyberattack Targeting Jews

 


Forwarded messages spewing rumours of cyberattacks targeting Jewish people, or stoking fears that Jewish people might be the target of cyberattacks, have no basis in reality, according to Meta's WhatsApp messaging service. 

Numerous online platforms have appeared to be spreading the warnings in recent days, with warnings beginning to circulate on Saturday. Scott Melker, one of the most influential crypto influencers on X, who has over one million followers, posted a warning on the social network asking that people share it with others. 

Hackers will use the WhatsApp app to lure WhatsApp users to download a file called "Seismic Waves CARD" the app, which will allow them to hack their phones in less than 10 seconds after installing the app. A post by Melker has been retweeted 200 times and has been viewed more than 250,00 times as of this writing. 

As reported by NBC News, the warning has been posted more than 30 times on X and has also spread to other social media and messaging services, including Facebook, Twitter, WhatsApp and WhatsApp Messenger. There have been more than a dozen other posts since then, including one that was posted by a former Twitter user who spread the warning across Twitter, Facebook, and other social media platforms. 

In a recent interview with the New York Times, WHO Communications Manager Emily Westcott stated that similar rumours have circulated before and that the company had previously confirmed that the messages hacked by "seismic waves" had been false. There have been several hoaxes popping up of late, warning of the download of a “Seismic Waves CARD”, which supposedly relates to the Moroccan earthquakes. 

The message copycats elements of a previous hoax warning issued just several weeks ago. A Snopes report in September confirmed that those messages were also false and that WhatsApp had lied about them.

A Similar Hoax Has Been Reported in The Past 

In a report published by multiple news outlets, Emily Westcott, a communications manager at WhatsApp, owned by Meta, stated that this type of hoax has been reported in the past. 

According to her, similar messages regarding the September earthquake in Morocco had also been falsely reported by the company in a previous statement that was made to fact-checking website Snopes. Even though spyware has cropped up in the past, this issue is rare to date and the spread of the hoax plays to the fears that victims may have about spyware on their phones.

As per researchers, Israeli cyber-intelligence company NSO Group created spyware in 2019 which was capable of infecting cell phones through the app's voice calling function based on a vulnerability found in WhatsApp's code. 

According to WhatsApp's lawsuit against NSO, the spyware was allegedly targeting 1,400 users, including journalists, lawyers, human rights activists, political dissidents, diplomats, and foreign officials in a position to represent a foreign government. It has been reported that NSO's products were at least a minor part of the murder of the Washington Post journalist Jamal Khashoggi. 

Elon Musk has been criticized heavily for his more relaxed approach to content moderation and the spread of misinformation at X, and as a result, Musk himself has commented on conspiracy theories that are spreading throughout the site. After Musk posted a message on Sunday urging X users to stay updated on the Israel-Hamas fighting by following accounts known for promoting lies, Musk deleted the post after a few hours. 

A number of those accounts have also posted antisemitic content in the past, including a statement that said, "The overwhelming majority of people who work in the media and banks are Zionists," which is antisemitic. Several videos from previous conflicts have been repackaged and distributed on the Internet in the days following the outbreak of the war, including videos repurposing to show footage from the ground, video game clips claiming to show footage from the ground, and a false press release from the White House claiming the Biden administration had provided $8 billion in emergency aid to Israel.
Read more »
WhatsApp
alternative messaging apps Cyber Security End-to-End Encryption Privacy Concerns Secure Messaging Signal app SMS security risks SMS vulnerabilities Telegram WhatsApp

Seure Messaging Apps: A Safer Alternative to SMS for Enhanced Privacy and Cybersecurity

 

The Short Messaging Service (SMS) has been a fundamental part of mobile communication since the 1990s when it was introduced on cellular networks globally. 

Despite the rise of Internet Protocol-based messaging services with the advent of smartphones, SMS continues to see widespread use. However, this persistence raises concerns about its safety and privacy implications.

Reasons Why SMS Is Not Secure

1. Lack of End-to-End Encryption

SMS lacks end-to-end encryption, with messages typically transmitted in plain text. This leaves them vulnerable to interception by anyone with the necessary expertise. Even if a mobile carrier employs encryption, it's often a weak and outdated algorithm applied only during transit.

2. Dependence on Outdated Technology

SMS relies on Signaling System No. 7 (SS7), a set of signalling protocols developed in the 1970s. This aging technology is highly insecure and susceptible to various cyberattacks. Instances of hackers exploiting SS7 vulnerabilities for malicious purposes have been recorded.

3. Government Access to SMS

SS7 security holes have not been adequately addressed, potentially due to government interest in monitoring citizens. This raises concerns about governments having the ability to read SMS messages. In the U.S., law enforcement can access messages older than 180 days without a warrant, despite efforts to change this.

4. Carrier Storage of Messages

Carriers retain SMS messages for a defined period, and metadata is stored even longer. While laws and policies aim to prevent unauthorized access, breaches can still occur, potentially compromising user privacy.

5. Irreversible Nature of SMS Messages

Once sent, SMS messages cannot be retracted. They persist on the recipient's device indefinitely, unless manually deleted. This lack of control raises concerns about the potential exposure of sensitive information in cases of phone compromise or hacking.

Several secure messaging apps provide safer alternatives to SMS:

1. Signal
 
Signal is a leading secure messaging app known for its robust end-to-end encryption, ensuring only intended recipients can access messages. Developed by the non-profit Signal Foundation, it prioritizes user privacy and does not collect personal data.

2. Telegram

Telegram offers a solid alternative to SMS. While messages are not end-to-end encrypted by default, users can enable Secret Chats for enhanced security. This feature prevents forwarding and limits access to messages, photos, videos, and documents.

3. WhatsApp

Despite its affiliation with Meta, WhatsApp is a popular alternative with billions of active users. It employs end-to-end encryption for message security, surpassing the safety provided by SMS. It's available on major platforms and is widely used among contacts.

In conclusion, SMS is not a recommended option for individuals concerned about personal cybersecurity and privacy. While it offers convenience, its security shortcomings are significant. 

Secure messaging apps with end-to-end encryption are superior alternatives, providing a higher level of protection for sensitive communications. If using SMS is unavoidable, caution and additional security measures are advised to safeguard information.
Read more »
WhatsApp
2FA Android App Bogus Apps Data Breach Pre-installed apps Signal User Data Leak User Privacy WhatsApp

Fake Android App Enables Hackers to Steal Signal and WhatsApp User Data

Cybercriminals have recently developed a highly sophisticated approach to breach the security of both WhatsApp and Signal users, which is concerning. By using a phony Android conversation app, cybercriminals have been able to obtain user information from gullible individuals. There are significant worries regarding the vulnerability of widely used messaging services in light of this new threat.

Cybersecurity experts have reported that hackers have been exploiting a spoof Android messaging software to obtain users' personal information without authorization, specifically from Signal and WhatsApp users. With its slick layout and promises of improved functionality, the malicious app lures users in, only to stealthily collect their personal information.

Using a traditional bait-and-switch technique, the phony software fools users into thinking they are utilizing a reliable chat service while secretly collecting their personal data. According to reports, the software misuses the required rights that users are requested to provide during installation, giving it access to media files, contacts, messages, and other app-related data.

Professionals in cybersecurity have remarked that this technique highlights the growing cunning of cybercriminals in taking advantage of consumers' trust and the weaknesses in mobile app ecosystems. It is emphasized that consumers should exercise caution even when they download programs from official app stores because harmful apps can occasionally evade detection due to evolving evasion strategies.

Researchers studying security issues advise consumers to protect their data right away by taking preventative measures. It is advised to carefully examine user reviews and ratings, confirm the app's permissions before installing, and exercise caution when dealing with unapproved sources. Moreover, setting two-factor authentication (2FA) on messaging apps can provide an additional degree of security against unwanted access.

Signal and WhatsApp have reaffirmed their commitment to user privacy and security in response to this new threat. Users are encouraged to report any suspicious behavior and to remain alert. The event serves as a reminder that users and platform providers alike share responsibility for cybersecurity.

Dr. Emily Carter, a cybersecurity specialist, has stressed that a proactive approach to digital security is crucial in light of the hackers' increasing strategies. Users must be aware of potential risks and exercise caution when interacting with third-party apps, particularly those that request an excessive amount of permissions."

The necessity for ongoing caution in the digital sphere is highlighted by the recent usage of a phony Android chat app to steal user data from Signal and WhatsApp. To avoid becoming a victim of these nefarious actions, consumers need to stay informed and take precautions as hackers continue to improve their techniques. People can contribute to the creation of a safer online environment by keeping up with the most recent cybersecurity trends and best practices.

Read more »
WhatsApp
Cyberattacks CyberCrime Cybersecurity End-to-End Encryption iMessage Privacy WhatsApp

E2E Encryption Under Scrutiny: Debating Big Tech's Role in Reading Messages

 


A recurring conflict between Silicon Valley and several governments is primarily about "end-to-end encryption," "backdoors," and "client-side scanning," which appear to be complex issues. However, in its simplest form, this issue boils down to the question: should technology companies be allowed to read people's messages?  

In the last few years, this fundamental dispute has rumbled. With such a platform, you can chat with others using popular platforms such as WhatsApp, iMessage, Android Messages, and Signal. These platforms offer end-to-end encryption to ensure your privacy.  

In response to a potential landmark law being considered by the UK government, Meta's Mark Zuckerberg is on a collision course with the UK government. This is over his continued plans to build ultra-secure messaging into all his apps despite a ban. Various governments around the world are closely watching the showdown to see who blinks first as they oppose popular technology as well. 

The biggest argument in technology, the argument about End-to-End encryption, backdoors, and client-side scanning, seems very complicated right now. There is, however, a simple question to answer to determine the outcome. What are the consequences of technology companies reading text messages? 

The crux of this disagreement has been brewing in Silicon Valley for years. It continues to have repercussions across the globe involving at least a dozen nations. There are several end-to-end encryption services in the market including WhatsApp, iMessage, Android Messages, and Signal.

This technology means that only the person sending the message, at one end, and the person receiving the message, at the other end, will be able to see, hear, and read the messages. There is no access to the content for anyone but the app makers. 

Messages are encrypted and decrypted using cryptographic keys stored on endpoints that are configured to handle them. Encryption is based on public key technology, which is very secure. 

Personalized, or asymmetric, encryption is composed of a private key and a public key shared with others. Upon sharing the public key, others can use the private key to encrypt a message and send it to the private key owner. Decrypting the message with the corresponding private key involves using the decryption key. 

Almost always, when two parties involved in an exchange communicate online, an intermediary is entrusted with the task of handling the messages between the two parties. There are usually a variety of intermediaries including servers that belong to ISPs, telecom companies, or a variety of other companies that serve as mediators.  

Using a public key infrastructure such as E2EE's, intermediaries are unable to intercept messages that are sent between parties. It is recommended to embed the public key within a certificate digitally certified by a recognized certificate authority (CA) to ensure that a public key is a legitimate key created by a legitimate recipient. It can be assumed that a certificate signed by that public key is authentic since its distribution and knowledge of the public key is widespread; the legitimacy of a certificate signed by the public key can be relied upon. 

There might be a case in which the CA would reject a certificate that has a different public key associated with the same name as the one associated with the recipient since the certificate identifies the recipient's name and public key. 

It is imperative to note that a system that provides end-to-end encryption ensures that only the parties involved in sending and receiving messages, media, and phone calls can access the content, including app developers. Governments and security agencies reluctantly accepted the rise of these encrypted apps as they gained immense popularity and became increasingly popular. The fact that end-to-end encryption was not the standard for Messenger and Instagram arose four years ago when Mark Zuckerberg, the CEO of Meta, announced plans to implement it in their applications. 

Having launched this ambitious project back in 2012, Meta has been diligently working on it ever since. However, there are insufficient details regarding the project progress and the switchover timeline. There have been growing concerns, leading to requests to halt the switchover or create safeguards to protect consumers. As well, law enforcement agencies such as Interpol, in several countries have expressed concerns about the technology. These countries include the United Kingdom, Australia, Canada, New Zealand, the United States, India, Turkey, Japan, and Brazil.

One of the most noticeable attempts to address this issue is the proposed Online Safety Bill in the UK. The paper suggests that technology companies must be encouraged to include backdoors in their systems that allow them to scan messages for illegal content. Even though this bill has sparked debates over the balance between privacy and security, it remains in the bill. There is no doubt that governments and law enforcement agencies believe that accessing message content is crucial for convicting criminals and protecting children from online grooming. However, opponents assert that end-to-end encryption is critical for maintaining privacy and safety online.

A recent survey conducted by the National Society for the Prevention of Cruelty to Children (NSPCC) revealed that 73% of the UK public believe that technology companies should have the legal obligation to scan private messages for child sexual abuse when they are in an end-to-end encrypted environment, according to the study conducted by YouGov. The Research Crime and Security Initiative has voiced concerns that the Online Safety Bill could have detrimental effects on end-to-end encryption, undermining privacy guarantees and setting the stage for citizen surveillance by repressive regimes to become more common. 

Adding to the discussion, WhatsApp and Signal have both announced that they will withdraw their services from the UK if security is compromised in favor of end-to-end encryption. It is thought that this may be their way of expressing their commitment to end-end encryption. The discussion about end-to-end encryption in Twitter messages was further sparked by Elon Musk's announcement of his plans to integrate it directly into the system. 

Although implementing end-to-end encryption is a complex process and a significant financial undertaking, technology companies view it as necessary to regain users' trust after several high-profile data breaches. As a result of this encryption, it becomes much harder to monitor content users share with others, which makes content moderation more challenging. 

There is a continuing debate between governments, privacy organizations, and tech companies regarding the ethical and legal ramifications of end-to-end encryption while negotiating a careful balance between privacy, security, and online abuses. 

Big Switchover 

End-to-end encrypted apps have grown in the last ten years as billions of people use them every day, making them one of the fastest-growing app categories. Law enforcement officers will likely lose out on one of their most critical sources of evidence if they cannot ask Meta for people's messages in the future. 

The government and security agencies were slow to accept that end-to-end encryption would, as a standard, be implemented in the Messenger and Instagram apps. This was until Facebook founder Mark Zuckerberg announced four years ago that apps would transition to end-to-end encryption. 

End-to-end: Undermines Privacy

In another letter published on Wednesday, 68 prominent defense and privacy researchers expressed their dissatisfaction with the Online Safety Bill for breaking end-to-end encryption, which shows the passion on both sides of this debate. 

As a result of the law, experts say tech firms cannot implement safety measures to prevent children from being harmed. However, they can maintain user privacy.

Rebuilding Trust

Despite this, WhatsApp and Signal have made it clear that they are strongly opposed to any compromise to the security of end-to-end encryption in the UK. 

Announcing in May that Elon Musk was incorporating end-to-end encryption into Twitter messages was not only a worry for those who criticize the technology but also compounded the problem for those who criticize it. A meta-analysis shows that switching to technology is one of the most challenging decisions companies have to make, but it is worth it in the end. 

After years of data scandals, big tech organizations feel regaining customers' trust in their services is the key to regaining customers' confidence.
Read more »
WhatsApp
BingeChat ESET ESET Research GravityRAT malware SpaceCobra WhatsApp

GravityRAT: ESET Researchers Discover New Android Malware Campaign


ESET researchers have recently discovered a new Android malware campaign, apparently infecting devices with an updated version of GravityRAT, distributed via messaging apps BingeChat and Chitaco. The campaign has been active since August 2022.

According to ESET researcher Lukas Stenfanko who examined a sample after getting a tip from MalwareHunterTeam, it was found that one of the noteworthy new features seen in the most recent GravityRAT version is the ability to collect WhatsApp backup files.

GravtiRAT

A remote access tool called GravityRAT has been used in targeted cyberattacks on India since at least 2015 and is known to be in use. There are versions for Windows, Android, and macOS, as previously reported by Cisco Talos, Kaspersky, and Cyble. However it is still unknown who is the actor behind GravityRAT, the group has been internally defined as SpaceCobra.

Although GravityRAT has been active since at least 2015, it only began specifically focusing on Android in 2020. Its operators, 'SpaceCobra,' only employ the malware in specific targeting tasks.

Current Android Campaign

According to ESET, the app is delivered via “bingechat[.]net” and other domains or distribution channels, however, the downloads require invites, entering valid login information, or creating a new account.

While registrations are currently closed, this method only enables the threat actors to distribute the malware to targeted users. Additionally, accessing a copy for analysis becomes more difficult for researchers. 

Upon installation on the target's smartphone, the BingeChat app makes dangerous requests for access to contacts, location, phone, SMS, storage, call records, camera, and microphone.

Since these are some typical permissions asked of the users for any instant messaging apps, the malicious app goes unsuspected.

The program provides call records, contact lists, SMS messages, device location, and basic device information to the threat actor's command and control (C2) server before the user registers on BingeChat.

Along with the aforementioned records, files, and document files of jpg, jpeg, log, png, PNG, JPG, JPEG, txt, pdf, xml, doc, xls, xlsx, ppt, pptx, docx, opus, crypt14, crypt12, crypt13, crypt18, and crypt32 types, have also been compromised.

While SpaceCobra’s malware campaign is mainly targeting India, all Android users are advised to refrain from downloading APKs anywhere other than Google Play and be very careful with potentially risky permission requests while installing any app.

Read more »
WhatsApp updates
Data Transfer legal and regulatory issues Meta Technology UPI WhatsApp WhatsApp Pay WhatsApp updates

Mata: Challenges in Data Transfer Between Countries May Affect Services


Meta, in a recent report, stated how its inability to transfer data "between countries and regions," where the company operates, may alter its ability to provide services to its users. The company added that this issue may further affect its financial results.

Apparently, Meta has been facing lawsuits in Europe and India, along with other jurisdictions for its 2016 and 2021 updates on WhatsApp on the basis of its service and privacy policy.

In a statement provided on Wednesday, Meta wrote, "If we are unable to transfer data between and among countries and regions in which we operate, or if we are restricted from sharing data among our products and services, it could affect our ability to provide our services, the manner in which we provide our services or our ability to target ads, which could adversely affect our financial results."

The multinational conglomerate further noted that countries like India and Turkey are apparently considering enacting legislation that requires local data storage and processing or is considering doing so already.

These legislative laws “could increase the cost and complexity of delivering our services, cause us to cease the offering of our products and services in certain countries, or result in fines or other penalties," the company said in Form 10-K.

The company has been under continuous legal and regulatory issues in a number of jurisdictions, one being India.

The Competition Commission of India is currently looking into the issue, investigating Meta for its alleged anti-competitive practices. Adding to this, the company is also facing lawsuits in regard to its unified payments interface (UPI) service WhatsApp Pay.

Amidst the ongoing investigations and legal actions, Amrita Mukherjee, Director, Legal, India operations, was purportedly fired by the corporation as part of a recent series of layoffs. The layoff has been a component of Meta's downsizing strategy, which was disclosed in March and will affect some 10,000 employees worldwide.

The issue is especially significant for Meta, since it has a weighty presence in India, with more than half a billion users utilizing its services.

The company's daily active users (DAUs) grew by 4% to 2 billion on average through December 2022 from the previous year, according to its annual report. The top three countries for DAU growth during that time were Bangladesh, the Philippines, and India.  

Read more »
WhatsApp
Elon Musk End-to-End Encrypted Messaging Services Online Safety Bill Signal Technology Twitter WhatsApp

Twitter Launches End-to-End Encrypted Messaging Services


Twitter has become the newest social media platform to be providing encrypted messaging service.

End-to-end Encryption 

Direct messages delivered on the platform will be end-to-end encrypted, i.e. private and only readable by the sender and receiver. However, Chief executive Elon Musk has warned Twitter users to “try it, but don’t trust it yet,” taking into account that it is only an early version of the service.

Only users of Twitter Blue or those connected to verified Twitter accounts are currently able to use the service, which is not yet available to the general public. Additionally, users can only send text and links in conversations for now; media attachments cannot yet be sent.

In a post on its support site, Twitter writes “It was not quite there yet” with encryption. "While messages themselves are encrypted, metadata (recipient, creation time, etc) are not, and neither is any linked content[…]If someone - for example, a malicious insider, or Twitter itself as a result of a compulsory legal process - were to compromise an encrypted conversation, neither the sender or receiver would know," it further read. 

Online Safety Bill Criticized 

Musk indicated his plans to make Twitter into a "super-app" with many features when he purchased it in 2022. There is not really a similar platform in the West to China's super-app WeChat, which can be used for anything from social media and restaurant ordering to payments and texting.

Since then, he has made a number of significant modifications to the social network, such as the addition of a subscription service and the elimination of the previous version of Twitter's blue tick badges, which were designed to combat the spread of disinformation.

For a long time, many Twitter users have demanded that the platform's private messaging function be made more secure. The UK, where the government's Online Safety Bill would impose additional rules for social media companies, reportedly in an effort to safeguard youngsters from abuse, may find Mr. Musk's timing unsettling.

Messaging services WhatsApp and Signal have both criticized this part of the Online Safety Bill, which is presently making its way through Parliament.

They expressed concerns that the legislation might weaken end-to-end encryption, which is seen as a crucial tool by privacy activists and campaigners.

Following this, heads of the two messaging platforms signed a letter demanding a rethink over the bill. According to them, the bill, in its current form, opens the door to "routine, general and indiscriminate surveillance" of personal messages. In regards to this, a Home Office spokesperson stated, "The Online Safety Bill applies to all platforms, regardless of their design and functionality. Therefore, end-to-end encrypted services are in scope and will be required to meet their duties of care to users."

"We have made clear that companies should only implement end-to-end encryption if they can simultaneously uphold public safety. We continue to work with the tech industry to collaborate on mutually agreeable solutions that protect public safety without compromising security," he added.

Read more »
WhatsApp
Cyber Security Data Safety Safety Security User Data User Safety WhatsApp

WhatsApp Users Alerted About Possible Scam Calls From International Numbers

 

As per experts, if you're receiving missed calls, messages, or WhatsApp calls from international numbers starting with +254, +84, +63, or others, it's advised to "report and block" them. The Indian Cybercrime Coordination Centre (I4C) of the Home Ministry is spreading this alert to protect people from falling prey to cybercrime. Forensics and data analysis experts, who are actively working to combat this issue for the government, have cautioned that these numbers may be originating from countries such as Singapore, Vietnam, and Malaysia. These international numbers may be used by malicious individuals to obtain financial information unlawfully.

"This is a new cybercrime trend. People across India irrespective of their profession have been receiving calls and missed calls on WhatsApp from +254, +84, +63, +1(218) or other international numbers, and some of them have become victims of cybercrime. It has become more frequent," an expert in cyber intelligence and digital forensics told ANI on condition of anonymity.

"Cyber awareness and hygiene are one of the important aspects in policing and it is a much-appreciated initiative," the official added.

"From early morning between 6 am to 7 am or late in the night, such calls are being received by people from all groups whether he or she is a private employee, businessman, retired government officer or even school and college boy or girl. We need to be just aware of such calls."

A message received from a number starting with +243 said: "Hello, my name is Allena, may I take a few minutes of your time?"

"Now that the 5G era of the Internet has arrived, there are already many people who make money through the Internet. I believe you know it too. I must be added to make money. If you don't speak, you may miss an opportunity at a turning point in your life. There are not many opportunities. I hope you see and then respond to my message," the message said.

If a person or organization is the victim of a cyber-attack, the situation can be reported on the cybercrime.gov.in website, according to the experts, who added that "focused work is being done by the central agencies with the help of I4C to curb the cyber menace."

In March, Union Home Minister Amit Shah visited the Indian Cyber Crime Coordination Centre (I4C) and stated that the wing is trying to realize Prime Minister Narendra Modi's goal of a cyber-success society. He went on to say that the I4C allows for effective and seamless cooperation among all agencies and states in the fight against cybercrime.

Since its inauguration in 2018, the Indian Cyber Crime Coordination Centre, a "special purpose unit" of the Centre, has saved over Rs 12 crore from cybercrime victims.
Read more »
WhatsApp
Data Breach Job Scam Malicious Apps Mandiant Threat Intelligence North Korean Hackers User Privacy WhatsApp

Using Employment Offers, North Korean Hackers Target Security Researchers

 

Security experts have been the victim of a hacking campaign by threat actors associated with the North Korean government that use cutting-edge methods and malware in an effort to infiltrate the organizations the targets work for, according to researchers.

As per researchers from security company Mandiant, they first became aware of the activity in June of last year while monitoring a phishing attempt that was aimed at a US-based client in the technology sector. By using three new malware families—Touchmove, Sideshow, and Touchshift—the hackers in this effort aimed to infect targets. In addition, while operating inside the cloud environments of their targets, the hackers in these assaults displayed new ability to evade endpoint detection technologies.

In order to communicate with their victims using WhatsApp, the attackers utilize social engineering to persuade them to do so. It is at this point that the malware payload 'PlankWalk' with a C++ backdoor, which aids in infiltrating the corporate environment of the target, is delivered.

In this operation, Mandiant believed UNC2970 targeted specifically security researchers. The North Korean threat actor, UNC2970, repeatedly breached US and European media organizations, prompting a reaction from Mandiant. In an effort to lure the targets and deceive them into installing the new virus, UNC2970 used spearphishing with a job advertisement theme.

Historically, UNC2970 has sent spearphishing emails with themes of employment recruitment to certain target organizations. The hackers approach their targets over LinkedIn and pose as recruiters for jobs before launching their attack. They eventually switched to WhatsApp to carry on the recruitment process, sharing a Word document with malicious macros.

Mandiant claims that these Word papers may occasionally be styled to fit the job descriptions they are marketing to their targets.The trojanized version of TightVNC is fetched using remote template injection performed by the Word document's macros from infected WordPress websites that act as the attacker's command and control servers.

The malware loads an encrypted DLL into the system's memory once it has been executed using reflection DLL injection.The loaded file is a malware downloader called 'LidShot,'which performs system enumeration and launches PlankWalk, the last payload that establishes a foothold on the compromised device.

Previously, North Korean hackers used phony social media identities that claimed to be vulnerability researchers to target security experts working on vulnerability and exploit development. Companies should also take into account other security measures, such as restricting macros, utilizing privileged identity management, conditional access policies, and security warnings. A dedicated admin account should be used for delicate administration tasks, and a another account should be used for email sending, web browsing, and similar activities.





Read more »
WhatsApp
End To End Encryption Government Database internet outage Message encryption Proxy Server User Privacy Vulnerabilities and Exploits. WhatsApp

WhatsApp Allows Communication Amid Internet Outages

On January 5, WhatsApp revealed a new feature that enables users to connect via proxy servers so they may continue using the service even when the internet is restricted or disrupted by shutdowns.

Concept of Whatsapp proxy 

When selecting a proxy, users can connect to WhatsApp via servers run by individuals and groups devoted to promoting free speech throughout the world. According to WhatsApp, using a proxy connection preserves the app's privacy and security settings, and end-to-end encryption will continue to secure private conversations. As per the firm, neither the proxy servers, WhatsApp, nor Meta will be able to see the communications that are sent between them.

When it comes to assisting users when WhatsApp is prohibited in a country, the messaging service stated, "If WhatsApp is restricted in your nation, you can utilize a proxy to connect and communicate with loved ones. End-to-end encryption will still be used to protect private communications while using a proxy connection to WhatsApp."

In accordance with the new rules, internet service providers had to remove anything that law enforcement regarded to be illegal and cooperate with police investigations, which included locating the authors of malicious materials.WhatsApp countered this claim by saying that it will continue to secure users' private messages and would not compromise their security for any government.

According to Juras Jurnas of the proxy and online data collecting company Oxylabs, "For persons with government restrictions on internet access, such as was the situation with Iran, utilization of a proxy server can help people keep a connection to WhatsApp as well as the rest of the public, internet free."

After activists in response to the death of Mahsa Amini, 22, while in police detention, the Iranian government restricted access to Instagram and WhatsApp last year. The suspension of Article 370 of the Indian Constitution by the Indian Parliament resulted in a shutdown of the internet in the state of Jammu & Kashmir. This state-imposed lockdown was implemented as a precautionary measure. Only two districts, Ganderbal and Udampur, have 4G availability. After 552 days without internet or with slow internet, the former state was finally connected to 4G on February 6th, 2021.

The business stated it is working to ensure that internet shutdowns never occur and that individuals are not denied human rights or prevented from seeking immediate assistance as these scenarios arise in various locations throughout the world. 

Internet platforms had to comply with police investigations, including locating the authors of malicious information and destroying anything that authorities had determined to be illegal, according to the new legislation.WhatsApp countered that it would maintain the privacy of users' private messages and would not compromise its security for any government.






Read more »
WhatsApp
Data Data Breach Data Safety data security Security WhatsApp

Experts Look into WhatsApp Data Leak: 500M User Records for Sale

 

On November 16, an actor advertised a 2022 database of 487 million WhatsApp user mobile numbers on a well-known hacking community forum. The dataset is said to contain WhatsApp user data from 84 different countries. 

According to the threat actor, there are over 32 million US user records included. Egypt (45 million), Italy (35 million), Saudi Arabia (29 million), France (20 million), and Turkey each have a sizable number of phone numbers (20 million). The dataset for sale also allegedly contains the phone numbers of nearly 10 million Russians and over 11 million UK citizens. The threat actor told Cybernews that they were selling the US dataset for $7,000, the UK dataset for $2,500, and the German dataset for $2,000.

Since such data is frequently used by attackers in smishing and vishing attacks, we advise users to be cautious of any calls from unknown numbers, as well as unsolicited calls and messages. According to reports, WhatsApp has more than two billion monthly active users worldwide. The seller of WhatsApp's database provided a sample of data to Cybernews researchers upon request. The shared sample included 1097 UK and 817 US user numbers.

Cybernews probed all of the numbers in the sample and was able to confirm that they are all WhatsApp users. The seller did not say how they obtained the database, only that they "used their strategy" to collect it, and assured Cybernews that all the numbers in the instance belong to active WhatsApp users.

Cybernews contacted WhatsApp's parent company, Meta, but received no immediate response. We will update the article as soon as we learn more. The data on WhatsApp users could be obtained by harvesting information at scale, also known as scraping, which is against WhatsApp's Terms of Service.

This claim is entirely speculative. However, large data dumps posted online are frequently obtained through scraping. Over 533 million user records were leaked on a dark forum by Meta, which has long been chastised for allowing third parties to scrape or collect user data. The actor was practically giving away the dataset for free.

Days after a massive Facebook data leak made headlines, a popular hacker forum listed an archive containing data purportedly scraped from 500 million LinkedIn profiles for sale. Phone numbers that have been leaked could be used for marketing, phishing, impersonation, and fraud.

Head of Cybernews research team Mantas Sasnauskas said, “In this age, we all leave a sizeable digital footprint – and tech giants like Meta should take all precautions and means to safeguard that data. We should ask whether an added clause of ‘scraping or platform abuse is not permitted in the Terms and Conditions’ is enough. Threat actors don’t care about those terms, so companies should take rigorous steps to mitigate threats and prevent platform abuse from a technical standpoint.”
Read more »
WhatsApp
internet outage Message Messaging Apps Outage Power Outage WhatsApp

WhatsApp: Instant Messaging App Services Restored After a 2 Hour Outage

The instant messaging app WhatsApp is restored after a two-hour-long outage on Tuesday. WhatsApp, with around a billion active users, was alerted about the global outage when hundreds of thousands of its online users reported the disruption in their messaging app. 

Reportedly, the instant messaging platform went down at 12:30 PM IST, on Tuesday. The users reported they were unable to send messages or make calls through the app, which was earlier thought of as a mere network connectivity issue. The outage was not limited to the smartphone users of the app, since users of WhatsApp web were also facing the same consequences of the disruption. 

As per a report by Downdetector, an online platform providing real-time stats and information regarding online web services, more than 11,000 online users had reported the outage, while in the United Kingdom the count was 68,000. While in Singapore, about 19,000 users reported disruption in the app since 07:50 GMT. 

Downdetector gathers status updates from various sources, including user-submitted errors on its platform, to keep track of outages. There may have been many users who were impacted by the outage. 

Additionally, WaBetaInfo, an online portal tracking WhatsApp services claimed that the issue is indeed from the server’s side and thus cannot be resolved from the online user’s end. 

Soon after acknowledging the issue, WhatsApp’s parent company Meta said that their engineers are working on the outage issue and will solve it as soon as possible. Following this, Meta Spokesperson even apologized to the users for the inconvenience.  

“We are aware that some people are currently having trouble sending messages and we are working to restore WhatsApp for everyone as quickly as possible,” says Meta Company Spokesperson. While the reason behind the outage is still not revealed by the parent company. 

Considering the popularity of the messaging app which has increasingly emerged as an important communication tool between users, businesses, and governments globally, over 100 billion messages are exchanged daily through WhatsApp as of 2020. This recent outage may have affected a large number of users, including government officials and telecom service providers.
Read more »
WhatsApp
Android Apps Data Fake Apps Mobile Phones Mobile Security Safety Scam Security SMS Access WhatsApp

This Unofficial WhatsApp Android App Caught Stealing Users’ Accounts

 

Kaspersky researchers discovered 'YoWhatsApp,' an unofficial WhatsApp Android app that steals access keys for users' accounts. Mod apps are promoted as unofficial versions of genuine apps that include features that the official version does not. 

YoWhatsApp is a fully functional messenger that supports extra features such as customising the interface and blocking access to specific chats. The tainted WhatsApp app requests the same permissions as the original messenger app, such as SMS access.

“To use the WhatsApp mod, users need to log in to their account of the legitimate app. However, along with all the new features, users also receive the Triada Trojan. Having infected the victim, attackers download and run malicious payloads on their device, as well as get hold of the keys to their account on the official WhatsApp app.” reported Kaspersky. 

“Along with the permissions needed for WhatsApp to work properly, this gives them the ability to steal accounts and get money from victims by signing them up for paid subscriptions that they are unaware of.”

This mod instals the Triada Trojan, which is capable of delivering other malicious payloads, issuing paid subscriptions, and even stealing WhatsApp accounts. More than 3,600 users have been targeted in the last two months, according to Kaspersky. The official Snaptube app promoted the YoWhatsApp Android app.

The malicious app was also discovered in the popular Vidmate mobile app, which is designed to save and watch YouTube videos. Unlike Snaptube, the malicious build was uploaded to Vidmate's internal store. YoWhatsApp v2.22.11.75 steals WhatsApp keys, enabling threat actors to take over users' accounts, according to Kaspersky researchers.

In 2021, Kaspersky discovered another modified version of WhatsApp for Android that offered additional features but was used to deliver the Triada Trojan. FMWhatsApp 16.80.0 is the modified version.

The experts also discovered the advertisement for a software development kit (SDK), which included a malicious payload downloader. The FMWhatsapp was created to collect unique device identifiers (Device IDs, Subscriber IDs, MAC addresses) as well as the name of the app package in which they are deployed.

To be protected, the researchers advise:
  • Only install applications from official stores and reliable resources
  • Remembering to check which permissions you give installed applications – some of them can be very dangerous
  • Installing a reliable mobile antivirus on your smartphone, such as Kaspersky Internet Security for Android. It will detect and prevent possible threats.
Kaspersky concluded, “Cybercriminals are increasingly using the power of legitimate software to distribute malicious apps. This means that users who choose popular apps and official installation sources may still fall victim to them. In particular, malware like Triada can steal an IM account, and for example, use it to send unsolicited messages, including malicious spam. The user’s money is also at risk, as the malware can easily set up paid subscriptions for the victim.”


Read more »
WhatsApp
Bug Facebook Meta Phishing Attacks Privacy Telegram WhatsApp

Pavel Durov: Users Must Cease Using WhatsApp Since it's a Spying Tool

WhatsApp is among the most popular messaging apps in the world. It was first launched in January 2009 and since then evolved to include audio and video calls, emojis, and WhatsApp Payments. However, criticism has also surrounded the well-known messaging app due to claims about privacy and security issues. 

Recently, WhatsApp disclosed a security flaw affecting its Android app that was deemed critical. Pavel Durov, the creator of Telegram, pokes fun at WhatsApp and advises users to avoid it. 

Hackers could have complete access to all aspects of WhatsApp users' phones, according to Telegram founder Pavel Durov. Additionally, he asserted that WhatsApp has been monitoring user data for the past 13 years while claiming that WhatsApp's security flaws were planned purposely.

Durov outlined Telegram's security and privacy characteristics by saying, "I'm not trying to convince anyone to use Telegram here. There is no need to promote Telegram more." He claimed that Telegram's instant messaging software prioritizes privacy. With more than 700 million active users as of right now, the app is apparently growing steadily, adding over 2 million new users every day.

Regarding security and privacy, WhatsApp states that all texts, chats, and video calls are provided with end-to-end encryption. However, the program has frequently experienced bugs and security problems, which have sparked concerns about its privacy.

In terms of private chats and user data, WhatsApp already has a complicated and distorted past. People have been worried about Facebook's handling of users' personal data ever since it purchased Meta in 2014. For revealing user data not just with governmental organizations but also with private parties, Meta has been criticized for a considerable time.

The rise in popularity of Telegram and Signal and other instant messaging services with a security and privacy focus can be attributed to this.

According to a recent report from Meta, WhatsApp users are susceptible to hacking due to a flaw in the way videos are downloaded and played back. If this flaw is exploited, hackers would have complete access to virtually everything on the phone of the WhatsApp user. Along with users' emails and pictures, this also contains other correspondence, such as SMS messages from various banks and app data from one's banking and payment apps.




Read more »
WhatsApp
Automobile Bank Cyber Fraud Fraud Message WhatsApp

WhatsApp Message Fraud Dupes Automobile Firm of Rs.1 Crore

 


A well-known automobile company, JBM Group, has been duped for Rs.1 Crore in yet another fraudulent incident that took place via fake WhatsApp messages. 

As per the police, the fraudster, in a WhatsApp message to the Chief Finance Officer of JBM, Vivek Gupta claimed to be the company’s vice chairman and had the money transferred to the bank accounts. As per the officials, a total of eight transactions had been made with seven different bank accounts, worth Rs 1,11,71,696. 

In the wake of the incident, an FIR has been registered against the unidentified fraudster under section 419 (cheating by impersonation), 420 (cheating) of IPC, and Section 66-D of IT Act at Cybercrime police station.

“The fraudsters claimed to be a JBM Group vice chairman Nishant Arya. The WhatsApp profile picture of the caller displayed Arya’s photograph. On verifying Truecaller, it reflected that the number belonged to Arya. I was also informed by the sender that he is busy in an important meeting, I could not directly call to make any further inquiry.” The CFO stated in his complaint. 

“I carried out the instructions of the sender under the bona fide impression that the instructions were coming from my superior Nishant Arya who needed to effectuate these transactions which were both very important and extremely urgent. The sums were transferred from two entities of the JBM Group, namely JBM Industries and JBM Auto. At the request of the sender, the UTR numbers confirming such transfers were also shared on the same WhatsApp chat,” Gupta further added. 

Serum Institute of India duped of Rs. 1 Crore via WhatsApp

Earlier this month, on September 7, a similar case was seen involving the Serum Institute of India (SII) which was duped for Rs. 1 Crore via a WhatsApp message sent by the threat actor posing as its CEO Adar Poonawalla. The messages were being sent to one of the institute’s directors. The transactions were then made to a few bank accounts, worth Rs. 1,01,01,554. 

The police officials are looking for the identity of the accused, the one who sent the fraudulent messages, and the holder of the bank accounts to which the transactions were made. 

How to Avoid Cyber Fraud?

With ever-increasing cases of cyber fraud via WhatsApp and other popular messaging platforms,  users are recommended to stay vigilant and follow exercise caution to avoid any scam that may result in financial loss. Users must follow the given steps in order to safeguard themselves against cyber fraud: 

1. Ensure to crosscheck the identity of a person or entity, if you receive messages from an unknown contact, claiming to be someone you know. 

2. Crosscheck the authentication of the source from where you are receiving the messages. 
 
3. Do not share your bank details with anyone. Since banks do not ask for such details, be cautious if the messages claim to be delivered from a bank. 

4. Do not click on the links sent by a suspicious number. The link may lead to malicious websites that are capable of duping you into revealing your passwords and sensitive information.

Cyberfraud has become an increasingly troublesome form of cybercrime as more and more people are falling prey to different forms and kinds of cyberfraud. While reporting it to the cybercrime branch of the police is one solution, netizens must stay wary of lures presented on social media to trap them for financial purposes.

Read more »
Subscribe to: Posts (Atom)