Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label WhatsApp. Show all posts
WhatsApp
cybersecurity updates CyberThreat Digital Communication Privacy Private Cloud WhatsApp

WhatsApp Balances AI Innovation with User Privacy Concerns

 


Despite WhatsApp's position as the world's largest messaging platform, it continues to push the boundaries of digital communication by implementing advanced artificial intelligence (AI) features that enhance the experience for its users and enable the platform to operate more efficiently. It is estimated that WhatsApp has more than 2 billion active monthly users globally, and its increasing use of artificial intelligence technologies, such as auto-responses, chatbots, and predictive text, has resulted in significant improvements to the speed and quality of communication, a critical factor for businesses that are looking to automate customer service and increase engagement among their employees. 

Although there is a shift in functionality to be based on artificial intelligence, it does not come without challenges. With the increasing implementation of smart features, widespread concerns have been raised regarding personal information privacy and the handling of personal data. As a matter of fact, it is also important to keep in mind that for several years, WhatsApp's parent company, Meta, has been under sustained scrutiny and criticism for its practices concerning data sharing. 

It is therefore becoming increasingly apparent that WhatsApp is navigating the fine line between leveraging the benefits of artificial intelligence and preserving its commitment to privacy while simultaneously leveraging the benefits of AI. The emerging dynamic within the tech industry reveals a wider tension within the industry, in which innovations must be carefully weighed against ensuring user trust is protected. 

A new set of artificial intelligence (AI) tools has been released by WhatsApp, one of the most widely used messaging platforms. They will operate through the newly introduced 'Private Processing' system that WhatsApp has recently launched. It is a significant development for the platform to be making such advances in its efforts to enhance the user experience via artificial intelligence-driven capabilities, but it is also creating an open discussion regarding the implications for user privacy as well as the potential for encrypted messaging to gain traction in the future. 

When AI is integrated into secure messaging environments, it raises significant questions about the degree to which privacy can still be maintained while simultaneously providing more intelligent functionality. It is quite challenging for cybersecurity experts like Adrianus Warmenhoven from Nordvpn to strike a balance between technological advancements and the protection of personal data while maintaining the appropriate degree of privacy. 

It has been highlighted in a statement that Warmenhoven told Business Report that while WhatsApp's Private Processing system represents an impressive achievement in terms of protecting data, it is essentially a compromise. “Anytime users send data outside their device, regardless of how securely they do it, there are always new risks associated with it,” he said. A threat will not be a threat to users' smartphones; it will be a threat to their data centre. His remarks emphasise the need for ongoing supervision and caution as platforms like WhatsApp seek to innovate through the use of artificial intelligence, while at the same time maintaining the trust of their global user base.

The concept of Private Processing is a completely different concept in design as well as a fundamentally different concept in purpose. It is evident from comparison of Meta's Private Processing system with Apple's Private Cloud Compute system. The Private Cloud Compute platform of Apple is the backbone of Apple Intelligence, which enables a wide variety of AI functions across Apple's ecosystem. 

It prioritises on-device processing, only turning to cloud infrastructure when it is needed. This model is made up primarily of high-performance hardware, so it can only be used with newer models of iPhones and iPads, which means older phones and iPads will not be able to access these features. The Meta company, on the other hand, has its own set of constraints since it's a software-based company. Meta has to support a massively diverse global user base of approximately 3 billion people, many of whom use low-end or older smartphones. 

Therefore, a hardware-dependent artificial intelligence system like Apple's was inapplicable in this context. Rather, Meta built Private Processing exclusively for WhatsApp, making sure that it was optimised for privacy within a more flexible hardware environment, and was developed specifically for WhatsApp. 

Rohlf and Colin Clemmons, the lead engineers behind the initiative, said that they were seeking to create a system that could provide minimal value to potential attackers, even if they were to breach the system. It is designed in a way that minimizes the risks involved, as explained by Clemmons. However, the introduction of AI features into secure messaging platforms raises broader questions about how these features could interfere with the fundamental principles of privacy and security. 

According to some experts, the introduction of these features may be at odds with the fundamental principles of privacy and security as a whole. According to Meta, the integration of artificial intelligence is a direct reflection of changing customer expectations. As the company points out, users will increasingly demand intelligent features in their digital interactions, and they will migrate to platforms that provide them, which means AI is not just a strategic advantage, but companies also have to integrate into their platforms. 

By utilising artificial intelligence, users can automate complex processes and extract meaningful insights from large data sets, thereby improving their interaction with digital platforms. However, it must be noted that despite these advancements, the current state of AI processing-most of which is dependent on server-side large language models as opposed to mobile hardware-imposes inherent privacy concerns as a result of these advances. 

A user input is frequently required to be sent to an external server, thereby making the content of the requests visible to the service providers who process them. While this type of approach can be useful for a wide range of applications, it poses difficulties in maintaining the privacy standards traditionally upheld by end-to-end encrypted messaging systems. WhatsApp has developed its Artificial Intelligence capabilities to address these concerns, ensuring that user privacy is preserved at all times. 

With the platform, users can deliver intelligent features such as message summarisation without granting Meta or WhatsApp access to private conversations, as long as users do not share any information with Meta or WhatsApp. A key principle of this approach is that AI features, including those supported by Private Processing, are optional; therefore, all AI features, including those supported by Private Processing, must remain entirely optional; transparency, which requires clear communication whenever Private Processing is deployed; and control by the user. 

With WhatsApp's Advanced Chat Privacy feature, which allows users to exclude specific chats from AI-powered functions, such as Meta AI, users can secure their most sensitive conversations. With the help of this privacy-centric design, WhatsApp continues to embrace artificial intelligence in a way that aligns with the expectations of its users, delivering innovation while maintaining trust in safe, private communication for its users. 

Due to growing privacy concerns, WhatsApp has implemented a range of safeguards that aim to protect user data and incorporate advanced features at the same time. Messages are encrypted from start to finish on the sender's device, so they can only be decrypted by the intended recipient. End-to-end encryption is at the heart of the privacy framework. By limiting the visibility and lifespan of their communications using features like "View Once" and "Disappearing Messages", users can decrease the likelihood of sensitive information being mishandled or stored by limiting the visibility and lifespan of their communications. 

There have also been tools introduced on the platform that allow users to review and delete their chat history, thus giving them more control over their own data and digital footprints. Despite the fact that WhatsApp's privacy practices have been improved in recent years, industry experts have expressed concern about the effectiveness and transparency of WhatsApp's privacy policies, particularly when AI is incorporated into the platform. Several critical questions have been raised concerning the platform's use of artificial intelligence to analyse the behaviour and preferences of its users.

Furthermore, the company's ongoing data-sharing agreement with its parent company, Met, has raised concerns that this data might be used to target advertising campaigns, which has brought attention to the problem. As well as this, many privacy-conscious users have expressed suspicions of WhatsApp’s data-handling policies because of the perceived lack of transparency surrounding the company’s policies. WhatsApp will ultimately face a complex and evolving challenge as it attempts to balance the advantages of artificial intelligence with the imperative of privacy.

Even though artificial intelligence-powered tools have improved the user experience and platform functionality, there is still a need for robust privacy protections despite the introduction of these tools. As the platform continues to grow in popularity, its ability to maintain user trust will be dependent upon the implementation of clear, transparent data practices as well as the development of features that will give users a greater sense of control over their personal information in the future. As part of WhatsApp's mission to maintain its credibility as a secure communication platform, it will be crucial for the company to strike a balance between technological innovation and the assurance of privacy.
Read more »
WhatsApp
Cyberhackers Cybersecurity CyberThreat Data Breach Data Loss Global Security Telegram WhatsApp

Data Security Alert as Novel Exfiltration Method Emerges


Global cybersecurity experts are raising serious concerns over the newly identified cyber threat known as Data Splicing Attacks, which poses a significant threat to thousands of businesses worldwide. It seems that even the most advanced Data Loss Prevention (DLP) tools that are currently being used are unable to stop the sophisticated data exfiltration technique.

A user can manipulate sensitive information directly within the browser, enabling the attacker to split, encrypt or encode it into smaller fragments that will remain undetected by conventional security measures because they can manipulate data directly within the browser. By fragmenting the data pieces, they circumvent the detection logic of both Endpoint Protection Platforms (EPP) and network-based tools, only to be reassembled seamlessly outside the network environment in which they were found. 

As a further contributing factor to the threat, malicious actors are using alternatives to standard communication protocols, such as grpc and Webrtc, and commonly used encrypted messaging platforms, such as WhatsApp and Telegram, as a means of exfiltrating data. As a result of these channels, attackers can obscure their activities and evade traditional SSL inspection mechanisms, making it much more difficult to detect and respond to them. 

An important shift in the threat landscape has taken place with the introduction of Data Splicing Attacks, which require immediate attention from both enterprises and cybersecurity professionals. Data exfiltration, a growing concern within the cybersecurity industry, refers to the act of transferring, stealing, or removing a specific amount of data from a computer, server, or mobile phone without authorisation. 

Several methods can be used to perform this type of cyberattack, including a variety of cyberattacks such as data leakage, data theft, and information extrusion. The kind of security breach posed by this type of company poses a serious threat to the company, since it can result in significant financial losses, disruptions to operations, and irreparable damage to their reputation. This lack of adequate safeguarding of sensitive information under such threats emphasises the importance of developing effective data protection strategies. 

There are two primary means by which data can be exfiltrated from an organisation's network: external attacks and insider threats. Cybercriminals infiltrate an organisation's network by deploying malware that targets connected devices, which can be the result of a cybercriminal attack. A compromised device can serve as a gateway to broader network exploitation once compromised. 

Some types of malware are designed to spread across corporate networks in search of and extracting confidential information, while others remain dormant for extended periods, eschewing detection and quietly collecting, exfiltrating, and exchanging data in small, incremental amounts as it grows. As well as insider threats, internal threats can be equally dangerous in stealing data. 

A malicious insider, such as a disgruntled employee, may be responsible for the theft of proprietary data, often transferring it to private email accounts or external cloud storage services for personal gain. Furthermore, employees may inadvertently expose sensitive information to external parties due to negligent behaviour, resulting in the disclosure of sensitive information to outside parties. 

The insider-related incidents that take place at a company underscore the importance of robust monitoring, employee training, and data loss prevention (DLP) to safeguard the company's assets from outside threats. As a rule, there are many ways in which data exfiltration can be executed, usually by exploiting technological vulnerabilities, poor security practices, or human error in order to carry out the exfiltration.

When threat actors attempt to steal sensitive data from corporate environments, they use sophisticated methods without raising suspicion or setting off security alarms, to do so covertly. For organisations that wish to improve their security posture and reduce the risk of data loss, they must understand the most common tactics used in data exfiltration. 

Infiltrating a system using malware is one of the most prevalent methods, as it is malicious software that is intentionally installed to compromise it. When malware is installed, it can scan a device for valuable data like customer records, financial data, or intellectual property, and send that information to an external server controlled by the attacker, which makes the process stealthy, as malware is often designed to mask its activity to evade detection by a company. 

Data exfiltration is often accompanied by trojans, keyloggers, and ransomware, each of which is capable of operating undetected within a corporate network for extended periods. A similar method, phishing, relies on social engineering to trick users into revealing their login information or downloading malicious files. A cybercriminal can trick employees into granting them access to internal systems by craftily crafting convincing emails or creating false login pages.

When attackers gain access to a network, they can easily move across the network laterally and gain access to sensitive information. Phishing attacks are particularly dangerous because they rely heavily on human error to exploit human error, bypassing even the most sophisticated technological safeguards. The insider threat represents a challenging aspect of an organisation. 

It can involve malicious insiders, such as employees or contractors, who deliberately leak or sell confidential information for monetary, strategic, or personal gain. As an example, insiders can also compromise data security unintentionally by mishandling sensitive data, sending information to incorrect recipients, or using insecure devices, without realising it. No matter what the intent of an insider threat is, it can be very difficult to detect and prevent it, especially when organisations do not have comprehensive monitoring and security controls in place. 

Lastly, network misconfigurations are a great source of entry for attackers that requires little effort. When an internal system is compromised, it can be exploited by an attacker to gain unauthorised access by exploiting vulnerabilities such as poorly configured firewalls, exposed ports, and unsecured APIS. Once the attacker is inside, he or she can navigate the network by bypassing the traditional security mechanisms to locate and steal valuable information. 

Often, these misconfigurations don't become apparent until a breach has already occurred, so it is very important to conduct continuous security audits and vulnerability assessments. In order to safeguard critical information assets better, organizations must understand these methods so that they may be able to anticipate threats and implement targeted countermeasures. Increasingly, web browsers have become an integral part of workplace productivity, creating a significant threat surface for data leaks. 

As more than 60% of enterprise data is now stored on cloud-based platforms and is accessed primarily through browsers, ensuring browser-level security has become an extremely important concern. However, many existing security solutions have fallen short in addressing this challenge as recent research has revealed. It is very hard for proxy-based protections incorporated into enterprise browsers to identify sophisticated threats because they lack visibility. 

Nevertheless, these solutions are not capable of understanding user interactions, monitoring changes to the Document Object Model (DOM), or accessing deeper browser context, which makes them easily exploitable to attackers. The traditional Data Loss Prevention (DLP) systems on endpoints are also not without limitations. As a result of their dependence on browser-exposed APIs, they are unable to determine the identity of the user, track browser extensions, or control the flow of encrypted content in the browser. 

The constraints are creating a blind spot, which is increasingly being exploited by insider threats and advanced persistent attacks as a result of these constraints. It is especially problematic that these attacks are so adaptable; adversaries can develop new variants with very little coding effort, which will further widen the gap between modern threats and outdated security infrastructure, as well as allowing adversaries to build new variants that bypass existing defences. 

A new toolkit developed specifically for reproducing the mechanics of these emerging data splicing attacks has been developed by researchers to address this growing concern. The tool has been developed to respond to this growing concern. It is designed for security teams, red teams, and vendors to test and evaluate their current defences in a realistic threat environment rigorously to determine whether their current defences are adequate. 

It is the objective of Angry Magpie to help companies discover hidden vulnerabilities by simulating advanced browser-based attack vectors in order to evaluate how resilient their DLP strategies are. It is becoming increasingly apparent that enterprises need a paradigm shift in their approach to browser security, emphasizing proactive assessment and continuous adaptation in order to deal with rapidly changing cyber threats in the future. 

As data splicing attacks have become increasingly prevalent and current security solutions have become increasingly limited, enterprise cybersecurity is at a critical inflexion point. As browser-based work environments become the norm and cloud dependency becomes more prevalent, traditional Data Loss Prevention strategies need to evolve both in scope and sophistication, as well as in scale. As organisations, we need to move away from legacy solutions that do not offer visibility, context, or adaptability that are necessary for detecting and mitigating modern data exfiltration techniques. 

For cybersecurity professionals to remain competitive in the future, they must adopt a proactive and threat-informed defence strategy that includes continuous monitoring, advanced browser security controls, and regular stress testing of their systems through tools such as Angry Magpie. By taking this approach, organisations can identify and close vulnerabilities before they become exploitable, as well as ensure that there is a culture of security awareness throughout the workforce to minimise human error and insider threats. 

Security infrastructures must keep up with the rapidly growing threats and innovations in cyberspace as well to maintain a competitive advantage. Businesses need to acknowledge and commit to modern, dynamic defence mechanisms to increase their resilience and ensure the integrity of their most valuable digital assets is better protected as a result of emerging threats.

Read more »
WhatsApp
AI tools Gmail Google Privacy WhatsApp

Gmail Users Face a New Dilemma Between AI Features and Data Privacy

 



Google’s Gmail is now offering two new upgrades, but here’s the catch— they don’t work well together. This means Gmail’s billions of users are being asked to pick a side: better privacy or smarter features. And this decision could affect how their emails are handled in the future.

Let’s break it down. One upgrade focuses on stronger protection of your emails, which works like advanced encryption. This keeps your emails private, even Google won’t be able to read them. The second upgrade brings in artificial intelligence tools to improve how you search and use Gmail, promising quicker, more helpful results.

But there’s a problem. If your emails are fully protected, Gmail’s AI tools can’t read them to include in its search results. So, if you choose privacy, you might lose out on the benefits of smarter searches. On the other hand, if you want AI help, you’ll need to let Google access more of your email content.

This challenge isn’t unique to Gmail. Many tech companies are trying to combine stronger security with AI-powered features, but the two don’t always work together. Apple tried solving this with a system that processes data securely on your device. However, delays in rolling out their new AI tools have made their solution uncertain for now.

Some reports explain the choice like this: if you turn on AI features, Google will use your data to power smart tools. If you turn it off, you’ll have better privacy, but lose some useful options. The real issue is that opting out isn’t always easy. Some settings may remain active unless you manually turn them off, and fully securing your emails still isn’t simple.

Even when extra security is enabled, email systems have limitations. For example, Apple’s iCloud Mail doesn’t use full end-to-end encryption because it must work with global email networks. So even private emails may not be completely safe.

This issue goes beyond Gmail. Other platforms are facing similar challenges. WhatsApp, for example, added a privacy mode that blocks saving chats and media, but also limits AI-related features. OpenAI’s ChatGPT can now remember what you told it in past conversations, which may feel helpful but also raises questions about how your personal data is being stored.

In the end, users need to think carefully. AI tools can make email more useful, but they come with trade-offs. Email has never been a perfectly secure space, and with smarter AI, new threats like scams and data misuse may grow. That’s why it’s important to weigh both sides before making a choice.



Read more »
WhatsApp
AI Privacy Artificial Intelligence Auto-Saving CyberCrime Cybersecurity CyberThreat Technology WhatsApp

New WhatsApp Feature Allows Users to Control Media Auto-Saving

 


As part of WhatsApp's ongoing efforts to ensure the safety of its users, a new feature will strengthen the confidential nature of chat histories. The enhancement is part of the platform's overall initiative aimed at increasing privacy safeguards and allowing users to take more control of their messaging experience by strengthening the privacy safeguards. This upcoming feature offers advanced settings which allow individuals to control how their conversations are stored, accessed, and used, providing a deeper level of protection against unauthorized access to their communications. 

As WhatsApp refines its privacy architecture, it aims to meet the evolving expectations of its users about data security while strengthening their trust in it at the same time. WhatsApp's strategy of focusing on user-centric innovation reflects its focus on ensuring communication remains seamless as well as secure in an increasingly digital world, which is the reason for this development. As part of its continued effort to improve digital safety, WhatsApp has introduced a new feature that is aimed at protecting the privacy of conversations of its users.

With the launch of this initiative, the platform is highlighting its evolving approach to data security to create a user-friendly, secure messaging environment. As part of this new development, users will be able to customize how their chat data is handled within the app through a set of refined privacy controls. By allowing individuals to customize their privacy preferences, rather than relying solely on default settings, they will be able to tailor their privacy preferences specifically to meet their communication needs.

By using this approach, people are minimizing the risk that users will experience unauthorized access, and some are also enhancing transparency in how data is managed on their platform. In line with the broader shift toward ensuring users are more autonomous in protecting their digital interactions, these improvements are aligned with a greater industry shift. With WhatsApp's strong balance between usability and robust privacy standards, it continues to position itself as a leader in secure communication.

As social media becomes an increasingly integral part of our daily lives, it continues to prioritize the delivery of tools that prioritize the trust and resilience of its users as well as their technological abilities. During the coming months, WhatsApp plans on introducing a new feature that will allow users to take control over how recipients handle their shared content. 

There was a time when media files sent through the platform were automatically saved to the recipient's device, but now with this upcoming change, users will have the option of preventing others from automatically saving the media that they send—which will make it easier to maintain their privacy, whether it be in one-to-one or group conversations. This new functionality extends similar privacy protections to regular chats and their associated media, as well as disappearing messages. 

It will also be a great idea for users to activate the feature to get additional security precautions, such as a restriction on exporting complete chat histories from conversations where the setting is enabled. Even though the feature does not prevent individuals from forwarding individual messages, it does set stronger limits on the ability to share and archive entire conversations. 

By making this change to the privacy setting, users can limit the reach of their content while still having the flexibility to use the messaging experience as freely as possible. Another interesting aspect of this update is how it interacts with artificial intelligence software. When the advanced privacy setting is enabled, participants of that conversation will not be able to make use of Meta AI features within the chat when this setting is enabled.

It seems that this inclusion indicates an underlying commitment to enhancing data protection and ethical AI integration. The feature is still in the development stage, and WhatsApp is expected to refine and expand its capabilities in advance of its official release. Once it is released, it will remain an optional feature, which users will be able to choose to enable or disable based on their personal preferences. 

In addition to its ongoing improvements to the calling features of WhatsApp, it is rumoured that the company will launch a new privacy-focused tool to give users more control over how their media is shared. As a matter of tradition, the platform has always defaulted to store pictures and videos sent to users on their devices, and this default behaviour has created ongoing concerns about data privacy, data protection, and the safety of digital devices. 

WhatsApp has responded to this problem by allowing senders to decide whether the media they share can be saved by the recipient. Using this feature, WhatsApp introduces a new level of content ownership by giving the sender the ability to decide whether or not their message should be saved. The setting is presented in the chat interface as a toggle option, and functions similarly to the existing Disappearing Messages feature. 

In addition, WhatsApp has also developed a system to limit the automatic storage of files that are shared during a typical conversation. By doing so, WhatsApp hopes to reduce the risk of sensitive content being accidentally stored on unauthorized devices, shared further without consent, or stored on devices that are not properly secured. A user in an era when data is becoming increasingly vulnerable will certainly appreciate this additional control, which is particularly useful for users who handle confidential, personal or time-sensitive information. 

In addition to presently being in beta testing, this update is part of WhatsApp's overall strategy to roll out improvements in user-centred privacy in phases. Although the beta program will expand to a wider audience within the next few weeks, users enrolled in the beta program are the first ones to have access to the feature. To ensure early access to new functionalities, WhatsApp encourages users to keep their app up to date so that they can explore the latest privacy tools. 

To push users for greater privacy, WhatsApp has developed an advanced chat protection tool that goes beyond controlling media downloads to strengthen the user experience. In terms of data retention and third-party access, this upcoming functionality is intended to give users a greater sense of control over how they manage their conversations. 

By focusing on features that restrict how chats can be saved and exported, the platform aims to create an environment that is both safe and respectful for its users. The restriction of exporting entire chat histories is an important part of this update. This setting is activated when users enable the feature. 

Once users activate this setting, recipients will not be able to export conversations that include messages from users whose settings have been enabled by this feature. This restriction aims to prevent the wholesale sharing of private information by preventing concerns over unauthorized data transfers. However, the inability to send individual messages will continue to be allowed, however, the inability to export full conversations will ensure that long-form chats remain confidential, particularly those that contain sensitive or personal material. 

In addition, the integration of artificial intelligence tools is significantly limited because of this feature, which introduces an important limitation. As long as advanced chat privacy is enabled, neither the sender nor the recipient will be able to interact with Meta AI within a conversation when it is active. The restriction represents a larger shift towards cautious and intentional AI implementation, ensuring that private interactions are left safe from automating or analyzing them without the need for human intervention. 

 The feature, which is still under development, may require further refinements before it becomes widely available, but when it becomes widely available, it will be offered to users as an opt-in setting, so they have the option to enhance their privacy in any way that they choose.
Read more »
zero-click
Data Breach Hackers paragon Spyware WhatsApp zero-click

WhatsApp Fixes Security Flaw Exploited by Spyware

 



WhatsApp recently fixed a major security loophole that was being used to install spyware on users' devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security experts from the University of Toronto’s Citizen Lab uncovered this attack and linked it to Paragon’s spyware, called Graphite.  

The flaw was patched by WhatsApp in late 2023 without requiring users to update their app. The company also chose not to assign a CVE-ID to the vulnerability, as it did not meet specific reporting criteria.  

A WhatsApp spokesperson confirmed that hackers used the flaw to target certain individuals, including journalists and activists. WhatsApp directly reached out to around 90 affected users across multiple countries.  


How the Attack Worked  

Hackers used WhatsApp groups to launch their attacks. They added their targets to a group and sent a malicious PDF file. As soon as the file reached the victim’s phone, the device automatically processed it. This triggered the exploit, allowing the spyware to install itself without any user action.  

Once installed, the spyware could access sensitive data and private messages. It could also move beyond WhatsApp and infect other apps by bypassing Android’s security barriers. This gave attackers complete control over the victim’s device.  


Who Was Targeted?  

According to Citizen Lab, the attack mostly focused on individuals who challenge governments or advocate for human rights. Journalists, activists, and government critics were among the key targets. However, since only 90 people were officially notified by WhatsApp, experts believe the actual number of victims could be much higher.  

Researchers found a way to detect the spyware by analyzing Android device logs. They identified a forensic marker, nicknamed "BIGPRETZEL," that appears on infected devices. However, spotting the spyware is still difficult because Android logs do not always capture all traces of an attack.  


Spyware Linked to Government Agencies  

Citizen Lab also investigated the infrastructure used to operate the spyware. Their research uncovered multiple servers connected to Paragon’s spyware, some of which were linked to government agencies in countries like Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Many of these servers were rented through cloud platforms or hosted directly by government agencies.  

Further investigation revealed that the spyware's digital certificates contained the name “Graphite” and references to installation servers. This raised concerns about whether Paragon's spyware operates similarly to Pegasus, another surveillance tool known for being used by governments to monitor individuals.  


Who Is Behind Paragon Spyware?  

Paragon Solutions Ltd., the company behind Graphite spyware, is based in Israel. It was founded in 2019 by Ehud Barak, Israel’s former Prime Minister, and Ehud Schneorson, a former commander of Unit 8200, an elite Israeli intelligence unit.  

Paragon claims that it only sells its technology to democratic governments for use by law enforcement agencies. However, reports have shown that U.S. agencies, including the Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE), have purchased and used its spyware.  

In December 2024, a U.S.-based investment firm, AE Industrial Partners, bought Paragon, further raising questions about its future operations and how its surveillance tools may be used.  


Protecting Yourself from Spyware  

While WhatsApp has fixed this specific security flaw, spyware threats continue to evolve. Users can take the following steps to protect themselves:  

1. Update Your Apps: Always keep your apps updated, as companies frequently release security patches.  

2. Be Cautious of Unknown Files: Never open suspicious PDFs, links, or attachments from unknown sources.  

3. Enable Two-Factor Authentication: Adding an extra layer of security to your accounts makes it harder for hackers to break in.  

4. Check Your Device Logs: If you suspect spyware, seek professional help to analyze your phone’s activity.  

Spyware attacks are becoming more advanced, and staying informed is key to protecting your privacy. WhatsApp’s quick response to this attack highlights the ongoing battle against cyber threats and the need for stronger security measures.  


Read more »
WhatsApp
CyberCrime Cybersecurity CyberThreat Google Meet Microsoft Privacy skype WhatsApp

Skype's Role in Popularizing End-to-End Encryption Leaves a Lasting Mark


 

In recent years, Skype has established itself as the most popular online communication platform, and it is nearing its close, marking the end of an era for one of the most popular VoIP services in the world. The first version of Skype was created by Niklas Zennström and Janus Friis in 2003 to create a platform that would facilitate seamless internet-based communication among users. When Skype was founded in 2003, it revolutionized digital communication by pioneering video conferencing, instant messaging, and setting the foundation for the modern virtual world. 

As its name implies, Skype pioneered several innovations that revolutionized digital communication. Originally designed for voice calls using peer-to-peer technology, it enabled users to make low cost or free calls from the comfort of their own homes. By removing long-distance costs and allowing users to communicate globally even through cheap long-distance calls, Skype revolutionized digital communication, making global connectivity more accessible by eliminating the high costs associated with long-distance calls. It was launched in August 2003, and grew rapidly in popularity over the next few years. 

It should be noted that there is no need to compromise the privacy or security of your online conversations by implementing Skype's encryption protocols. This provides significantly greater safety and privacy when communicating online, unlike conventional telephone networks. During its peak, the platform had more than 300 million active users worldwide, establishing itself as an indispensable communication tool for activists, journalists, and individuals who valued confidentiality above all else. 

The security measures in place on the platform were so robust that it was difficult even for intelligence agencies to intercept communications through the platform. Among the most noteworthy aspects of these documents are the difficulties Egyptian intelligence authorities encountered in their attempt to compromise Skype calls, further underlining the platform's reputation for being a safe and reliable medium of communication. However, despite its historical significance, Skype has been facing increasing challenges in maintaining its relevance in the face of a host of more competitive alternatives, such as Zoom, Microsoft Teams, WhatsApp, and Google Meet. 

After Microsoft acquired Skype in 2011, its strategic focus has steadily shifted toward Teams and other tools that integrate to become more efficient and effective. Since the platform's user base is shrinking and the needs of the digital communication landscape are changing, it seems that discontinuing Skype seems like a natural progression. As the platform phaseout approaches, not only will it signal the end of an influential platform, but also that communication technologies will continue to evolve to meet the needs of modern connectivity. Almost one decade from now, Skype will cease operations, marking the end of a platform that has significantly shaped global communication. 

In its inception as a basic voice phone service, Skype has evolved into the most widely accepted video conferencing tool on the market. Through the development of Skype, individuals and businesses from around the world have been connected. Despite this, as technology advanced and new communication platforms emerged, Skype faced more competition from more innovative and integrated solutions as the market grew. 

Over the years, Skype's market dominance declined, resulting in losing relevance in the market. Discontinuing the platform signifies the end of one of the most revolutionary platforms to change digital communication in the past few decades, along with the continuing importance of adaptability and innovation to achieve future success. 

The Closure of Skype and the Evolution of Digital Communication


Sadly, the discontinuation of Skype marks the end of an important chapter in the history of digital communication. As a result, businesses and individuals alike will be required to make a large-scale shift as they move to more contemporary platforms that offer advanced features and seamless integration, resulting in a large-scale transition. Corporations need to rapidly adapt by shifting their communication frameworks to alternative services. Microsoft Teams has emerged as one of the most popular options due to its impressive set of collaboration tools, which are designed to meet the dynamic requirements of today's organizations. 

Seeking Alternatives to Skype 


Skype is undoubtedly nearing the end of its lifecycle, so users and organizations are actively looking for alternatives that will meet their communication needs. Microsoft Teams, with its comprehensive and integrated features, is one of the best options. 

As well as this, there are other platforms out there that are also gaining traction, such as Zoom Phone and RingCentral. These platforms offer a wide range of functionalities designed to cater to a variety of business requirements. Each service offers its benefits, allowing users to pick the solution that best matches their operational objectives. 

Skype’s Influence and Enduring Impact

Despite its early beginnings, Skype has played a significant role in shaping the way online communication is shaped ever since it launched in 2003 and was acquired by Microsoft the following year for $8.5 billion, as a widely recognized platform that helps facilitate virtual interactions all over the world. 

While Skype has continuously improved its capabilities over the years, it has struggled to remain at the top of an ever-more competitive market. Over the past few years, communication platforms that are more agile and feature-rich have emerged, resulting in Skype's relevance rapidly eroding, eventually leading to its demise. 

The Future of Digital Connectivity


Digital communication is constantly evolving. Platforms that seamlessly integrate messaging, voice, video, and collaboration tools are becoming increasingly important as a result of a continuing shift toward mobile-centric solutions and artificial intelligence-driven innovations that offer better user experiences and are more intuitive. 

A sophisticated, adaptive and user-friendly ecosystem will be the hallmark of the future of communication as technology advances. This ecosystem will help enhance connectivity, productivity, and security on both a personal and professional level. Government agencies have employed a variety of methods to monitor Skype users throughout the world. 

There was a bug in Skype that, according to Citizen Lab at the University of Toronto, allowed Chinese authorities to intercept messages in China. At the time, Tom-Skype, a joint venture between a local telecommunication provider and eBay, which owned Skype at the time, operated under Chinese authorities. 

As a result of Edward Snowden's leak of documents, it has become clear that Microsoft had modified Skype so that it would give the NSA access to calls and messages, undermining their encryption. It is expected that Skype will close on May 5, 2025 due to Microsoft's decision to shut down the platform, making it irrelevant with just 36 million users in 2023, far under its peak user base of 300 million. While its legacy still exists through the use of encryption technologies that continue to secure modern communication platforms, it has endured through the years.
Read more »
WhatsApp
AI Backdoor Data Encryption Pegasus Spyware Technology WhatsApp

Frances Proposes Law Requiring Tech Companies to Provide Encrypted Data


Law demanding companies to provide encrypted data

New proposals in the French Parliament will mandate tech companies to give decrypted messages, email. If businesses don’t comply, heavy fines will be imposed.

France has proposed a law requiring end-to-end encryption messaging apps like WhatsApp and Signal, and encrypted email services like Proton Mail to give law enforcement agencies access to decrypted data on demand. 

The move comes after France’s proposed “Narcotraffic” bill, asking tech companies to hand over encrypted chats of suspected criminals within 72 hours. 

The law has stirred debates in the tech community and civil society groups because it may lead to building of “backdoors” in encrypted devices that can be abused by threat actors and state-sponsored criminals.

Individuals failing to comply will face fines of €1.5m and companies may lose up to 2% of their annual world turnover in case they are not able to hand over encrypted communications to the government.

Criminals will exploit backdoors

Few experts believe it is not possible to bring backdoors into encrypted communications without weakening their security. 

According to Computer Weekly’s report, Matthias Pfau, CEO of Tuta Mail, a German encrypted mail provider, said, “A backdoor for the good guys only is a dangerous illusion. Weakening encryption for law enforcement inevitably creates vulnerabilities that can – and will – be exploited by cyber criminals and hostile foreign actors. This law would not just target criminals, it would destroy security for everyone.”

Researchers stress that the French proposals aren’t technically sound without “fundamentally weakening the security of messaging and email services.” Similar to the “Online Safety Act” in the UK, the proposed French law exposes a serious misunderstanding of the practical achievements with end-to-end encrypted systems. Experts believe “there are no safe backdoors into encrypted services.”

Use of spyware may be allowed

The law will allow using infamous spywares such as NSO Group’s Pegasus or Pragon that will enable officials to remotely surveil devices. “Tuta Mail has warned that if the proposals are passed, it would put France in conflict with European Union laws, and German IT security laws, including the IT Security Act and Germany’s Telecommunications Act (TKG) which require companies to secure their customer’s data,” reports Computer Weekly.

Read more »
zero click
Cyber Attacks Paragon Solutions Spyware WhatsApp zero click

WhatsApp Alerts Users About a Dangerous Zero-Click Spyware Attack

 


WhatsApp has warned users about a highly advanced hacking attack that infected nearly 90 people across 24 countries. Unlike traditional cyberattacks that rely on tricking victims into clicking malicious links, this attack used zero-click spyware, meaning the targets were hacked without taking any action.  


What Happened?

Hackers exploited a security vulnerability in WhatsApp to send malicious documents to the victims’ devices. These documents contained spyware that could take control of the phone without the user clicking or opening anything.  

According to reports, the attack was linked to Paragon Solutions, an Israeli company that develops spyware for government agencies. While governments claim such tools help in law enforcement and national security, they have also been misused to spy on journalists, activists, and members of civil society.  


Who Was Targeted?

The specific names of the victims have not been disclosed, but reports confirm that journalists and human rights advocates were among those affected. Many of them were based in European nations, but the attack spread across multiple regions.  

WhatsApp acted quickly to disrupt the attack and alerted the affected users. It also referred them to Citizen Lab, a cybersecurity research group that investigates digital threats.  


What is a Zero-Click Attack?  

A zero-click attack is a form of cyberattack where hackers do not need the victim to click, open, or download anything. Instead, the attack exploits weaknesses in apps or operating systems, allowing spyware to be installed silently.  

Unlike phishing attacks that trick users into clicking harmful links, zero-click attacks bypass user interaction completely, making them much harder to detect or prevent.  


How Dangerous Is This Spyware? 

Once installed, the spyware can:  

1. Access private messages, calls, and photos  

2. Monitor activities and track location  

3. Activate the microphone or camera to record conversations  

4. Steal sensitive personal data

Cybersecurity experts warn that such spyware can be used for mass surveillance, threatening privacy and security worldwide.  


Who is Behind the Attack?  

WhatsApp has linked the spyware to Paragon Solutions, but has not revealed how this conclusion was reached. Authorities and cybersecurity professionals are now investigating further.  


How to Stay Safe from Spyware Attacks

While zero-click attacks are difficult to prevent, you can reduce the risk by:  

1. Keeping Your Apps Updated – Always update WhatsApp and your phone’s operating system to patch security flaws.  

2. Enabling Two-Factor Authentication (2FA) – This adds an extra layer of security to your account.  

3. Being Cautious with Unknown Messages – While this attack required no interaction, remaining alert can help protect against similar threats.  

4. Using Encrypted and Secure Apps – Apps with end-to-end encryption, like WhatsApp and Signal, make it harder for hackers to steal data.  

5. Monitoring Unusual Phone Activity – If your phone suddenly slows down, heats up, or experiences rapid battery drain, it may be infected. Run a security scan immediately.  

This WhatsApp attack is a reflection of the growing threats posed by spyware. As hacking methods become more advanced and harder to detect, users must take steps to protect their digital privacy. WhatsApp’s quick response limited the damage, but the incident highlights the urgent need for stronger cybersecurity measures to prevent such attacks in the future.


Read more »
WhatsApp
Banking Scams Cyber Crime India WhatsApp

The Rising Problem of Banking Scams in East India

The Rising Problem of Banking Scams in East India

Currently, India is battling with a fake banking applications spoofing genuine institutions to loot credentials and money.

The scale of the campaign is massive, impacting around 900 different malware samples linked to more than 1000 different contact numbers used to commit frauds/scams. Experts from Zimperium found that malware was hiding in apps that imitiate financial institutions worth billion-dollars, aimed to target common man in India. 

The rise of banking scams in East India

Throughout India, majority of the people have been getting WhatsApp messages containing malicious Android Package Kit (APK) files. When downloaded, these malicious files change into  fake apps spoofing one or multiple banks- ICICI Bank, State Bank of India (SBI) and more. 

The apps demand targets to provide their personal financial info- this includes ATM PINs, debit/credit card numbers and PAN card deta- used for different government and financial reasons, for instance, opening a bank account or paying taxes- adhar card. 

Stealing confidential info

To let hackers get access into victims' bank accounts, the malware hacks one-time passwords and resends them either to a threat actor-controlled phone number or C3 servers operating on Firebase. 

Additionally, the malware uses stealth and anti-analysis measures such as "packing," where the malware is hidden, compressed, and encrypted in ways that its almost impossible to notice them. It self installs by exploiting accessibility service, and get all required permissions on users' devices by just poking a user to careless click "Allow" when the malware asks nicely. 

Zimperium chief scientist Nico Chiaraviglio says "since we don't see the app, it's not easy to uninstall it." He adds "you [have to deal with the] higher permissions. So if you want to uninstall the app, the device will say you cannot install it because it's a system app. You basically need to connect the phone to a computer and uninstall it using the Android Debug Bridge (ADB). It's not something that you can do from a regular user's standpoint."

The success behind scams in India

Dark Reading reports "Phone numbers tied to the campaign lovingly named "FatBoyPanel" have tended to concentrate in eastern states: West Bengal (30.2%), Bihar (22.6%), Jharkjand (10%)."

According to experts, two reasons add to the problem- use of outdated phones in India that aren't equipped with latest updates, and the rise of scammers trapping innocent victims.

Read more »
WhatsApp
New Media Privacy Social Media Spyware surveillance WhatsApp

WhatsApp Says Spyware Company Paragon Hacked 90 Users

WhatsApp Says Spyware Company Paragon Hacked 90 Users

Attempts to censor opposition voices are not new. Since the advent of new media, few Governments and nations have used spyware to keep tabs on the public, and sometimes target individuals that the government considers a threat. All this is done under the guise of national security, but in a few cases, it is aimed to suppress opposition and is a breach of privacy. 

Zero-click Spyware for WhatsApp

One such interesting incident is the recent WhatsApp “zero-click” hacking incident. In a conversation with Reuters, a WhatsApp official disclosed that Israeli spyware company Paragon Solutions was targeting its users, victims include journalists and civil society members. Earlier this week, the official told Reuters that Whatsapp had sent Paragon a cease-and-desist notice after the surveillance hack. In its official statement, WhatsApp stressed it will “continue to protect people's ability to communicate privately."

Paragon refused to comment

According to Reuters, WhatsApp had noticed an attempt to hack around 90 users. The official didn’t disclose the identity of the targets but hinted that the victims belonged to more than a dozen countries, mostly from Europe. WhatsApp users were sent infected files that didn’t require any user interaction to hack their targets, the technique is called the “zero-click” hack, known for its stealth 

“The official said WhatsApp had since disrupted the hacking effort and was referring targets to Canadian internet watchdog group Citizen Lab,” Reuter reports. He didn’t discuss how it was decided that Paragon was the culprit but added that law enforcement agencies and industry partners had been notified, and didn’t give any further details.

FBI didn’t respond immediately

“The FBI did not immediately return a message seeking comment,” Reuter said. Citizen Lab researcher John Scott-Railton said the finding of Paragon spyware attacking WhatsApp is a “reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Citizen Lab researcher John Scott-Railton said the discovery of Paragon spyware targeting WhatsApp users "is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Ethical implications concerning spying software

Spyware businesses like Paragaon trade advanced surveillance software to government clients, and project their services as “critical to fighting crime and protecting national security,” Reuter mentions. However, history suggests that such surveillance tools have largely been used for spying, and in this case- journalists, activists, opposition politicians, and around 50 U.S officials. This raises questions about the lawless use of technology.

Paragon - which was reportedly acquired by Florida-based investment group AE Industrial Partners last month - has tried to position itself publicly as one of the industry's more responsible players. On its website, Paragon advertises the software as “ethically based tools, teams, and insights to disrupt intractable threats” On its website, and media reports mentioning people acquainted with the company “say Paragon only sells to governments in stable democratic countries,” Reuter mentions.

Read more »
WhatsApp
AI bots Artificial Intelligence Meta Technology WhatsApp

Meta's AI Bots on WhatsApp Spark Privacy and Usability Concerns




WhatsApp, the world's most widely used messaging app, is celebrated for its simplicity, privacy, and user-friendly design. However, upcoming changes could drastically reshape the app. Meta, WhatsApp's parent company, is testing a new feature: AI bots. While some view this as a groundbreaking innovation, others question its necessity and raise concerns about privacy, clutter, and added complexity. 
 
Meta is introducing a new "AI" tab in WhatsApp, currently in beta testing for Android users. This feature will allow users to interact with AI-powered chatbots on various topics. These bots include both third-party models and Meta’s in-house virtual assistant, "Meta AI." To make room for this update, the existing "Communities" tab will merge with the "Chats" section, with the AI tab taking its place. Although Meta presents this as an upgrade, many users feel it disrupts WhatsApp's clean and straightforward design. 
 
Meta’s strategy seems focused on expanding its AI ecosystem across its platforms—Instagram, Facebook, and now WhatsApp. By introducing AI bots, Meta aims to boost user engagement and explore new revenue opportunities. However, this shift risks undermining WhatsApp’s core values of simplicity and secure communication. The addition of AI could clutter the interface and complicate user experience. 

Key Concerns Among Users 
 
1. Loss of Simplicity: WhatsApp’s minimalistic design has been central to its popularity. Adding AI features could make the app feel overloaded and detract from its primary function as a messaging platform. 
 
2. Privacy and Security Risks: Known for its end-to-end encryption, WhatsApp prioritizes user privacy. Introducing AI bots raises questions about data security and how Meta will prevent misuse of these bots. 
 
3. Unwanted Features: Many users believe AI bots are unnecessary for a messaging app. Unlike optional AI tools on platforms like ChatGPT or Google Gemini, Meta's integration feels forced.
 
4. Cluttered Interface: Replacing the "Communities" tab with the AI tab consumes valuable space, potentially disrupting how users navigate the app. 

The Bigger Picture 

Meta may eventually allow users to create custom AI bots within WhatsApp, a feature already available on Instagram. However, this could introduce significant risks. Poorly moderated bots might spread harmful or misleading content, threatening user trust and safety. 

WhatsApp users value its security and simplicity. While some might welcome AI bots, most prefer such features to remain optional and unobtrusive. Since the AI bot feature is still in testing, it’s unclear whether Meta will implement it globally. Many hope WhatsApp will stay true to its core strengths—simplicity, privacy, and reliability—rather than adopting features that could alienate its loyal user base. Will this AI integration enhance the platform or compromise its identity? Only time will tell.
Read more »
WhatsApp
Cyber Attacks espionage Iran Israel spying surveillance Telegram WhatsApp

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Shin Bet, an Israeli Cybersecurity Service said recently it discovered over 200 Iranian phishing attempts targeting top Israeli diplomats to get personal information. Shin Bet believes the attacks were launched by Iranian actors through Telegram, WhatsApp, and email. 

The threat actors tried to bait targets into downloading infected apps that would give them access to victim devices and leak personal data like location history and residential addresses.

Iran Targeting Israeli Officials

The targeted senior officials include academicians, politicians, media professionals, and others

ShinBet said the stolen information would be used by Iran to launch attacks against Israeli nationals “through Israeli cells they have recruited within the country.” The targets were reached out with an “individually tailored cover story for each victim according to their area of work, so the approach doesn’t seem suspicious.”

In one case, the attacker disguised as a Cabinet Secretary lured the target saying he wanted to coordinate with PM Benjamin Netanyahu. Shin Bet has tracked the targets involved in the campaign and informed them about the phishing attempts. 

“This is another significant threat in the campaign Iran is waging against Israel, aimed at carrying out assassination attacks. We request heightened awareness, as cyberattacks of this type can be avoided before they happen through awareness, caution, suspicion, and proper preventative behavior online,” said a Shin Bet official.

Reasons for attack

Shin Bet “will continue to act to identify Iranian activity and thwart it in advance.” It believes the motive behind the attacks was to manage future attacks on Israeli nationals using information given by Israeli cells recruited by Iran. The campaign is a sign of an escalation between Iran and Israel, the end goal being assassination attempts.

The bigger picture

The recent discovery of phishing campaigns is part of larger targeted campaigns against Israel. In September 2024, 7 Jewish Israelis were arrested for allegedly spying on IDF and Israeli security figures for Iran. 

The Times of Israel reports, “Also in September, a man from the southern city of Ashkelon was arrested on allegations that he was smuggled into Iran twice, received payment to carry out missions on behalf of Tehran, and was recruited to assassinate either Israel’s prime minister, defense minister, or the head of the Shin Bet.”

Read more »
WhatsApp
AI Advancements CyberCrime Cybersecurity CyberThreat New Transition Privacy Threat Technology Usernames WhatsApp

WhatsApp Moves Toward Usernames, Phasing Out Phone Numbers

 


WhatsApp has announced enhancements to its contact management features, allowing users to add and manage contacts from any device. Previously, contact management was limited to mobile devices, requiring users to input phone numbers or scan QR codes. The update will soon enable users to manage contacts via WhatsApp Web and Windows, with plans to expand to other linked devices. Meta has revealed some exciting new features coming to WhatsApp, making it simpler to add and manage contacts. 

Soon, users will be able to privately add and manage their contacts, no matter what device they’re using. While the messaging platform already offers cross-platform support, users were able to add a new contact only via the primary Android phone or iOS handset — by adding a phone number or scanning a QR code. 

It's particularly a problem in the age when WhatsApp wants to be everywhere, with cross-device syncing between users' smartphone, web, and desktop apps. If users wanted to add a new contact while using WhatsApp on their computer, for example, too bad: Users needed to use their smartphone.

Now, however, WhatsApp is fixing the issue: The company announced on Tuesday that WhatsApp will soon let users add and store their contacts on any device, including the web or the desktop app, meaning they will no longer need to open their smartphone app just to save a contact. This can be handy, especially for business users, now that WhatsApp lets users run two different accounts on one device. Users can save contacts to their business WhatsApp account without crowding their phone's contact book. According to WhatsApp, the contacts will be saved using a new encrypted storage system called Identity Proof Linked Storage (IPLS). 

The system will generate an encrypted key every time users save a contact. In effect, their saved contacts are protected by encryption: Only users can retrieve their contacts from WhatsApp's servers. In a press release, WhatsApp notes that users will soon be able to add and manage contacts through WhatsApp Web and also through Windows platforms or their preferred devices, like Android tablets. In some cases, users would want a certain contact only on WhatsApp and not as a contact on their phone contacts list. The messaging platform also adds such possibility, making handling personal and business numbers easier.

It helps when people have more than one account on their device. WhatsApp adds that contacts saved on the messaging platform can be readily restored when a user switches devices, which will be useful if they lose their smartphones and phone numbers. The messaging platform's primary aim with the introduction of these new capabilities is to eventually "manage and save contacts by usernames." Usernames aren't new, and most Android apps and even Meta-owned apps like Instagram utilize them. 

They create a unique identity for a person, irrespective of their phone number. This is an extra layer of privacy on the platform, which is likely to be coming soon to WhatsApp. Future updates will include the ability to manage contacts using usernames, enhancing privacy by eliminating the need to share phone numbers. This development aims to provide users with greater control and security over their contact information. WhatsApp is undergoing significant changes, moving toward implementing usernames as an alternative to traditional phone numbers for managing contacts on its platform. This transition marks a strategic effort to offer users more privacy and flexibility in their communication. 

One of the key benefits of this new approach is the convenience it provides to users who maintain multiple WhatsApp accounts on a single device. The introduction of usernames will streamline account management, allowing users to distinguish between different accounts more easily. Furthermore, when switching devices, users will find it simpler to restore contacts, even if they have lost access to their original smartphone or phone number. This added capability ensures continuity and simplifies the process of transitioning between devices. 

WhatsApp's long-term vision for this initiative is to enable contact management through usernames rather than relying solely on phone numbers. By doing so, the platform aims to enhance user privacy and offer more control over personal information. This shift will allow individuals to share their WhatsApp contact details without disclosing their phone number, thereby reducing the risks associated with sharing sensitive information and improving overall user security. 

The use of usernames as unique identifiers is not a novel concept in the tech world; many popular Android applications, including Meta-owned platforms like Instagram, have successfully integrated username-based systems for contact management. This model not only fosters a more secure environment but also allows users to establish a distinct identity separate from their phone number. In upcoming updates, WhatsApp is expected to further expand these capabilities by enabling more comprehensive contact management through usernames. 

The new features will likely include options for managing contacts and other privacy settings more intuitively, reinforcing the messaging platform's commitment to providing a more secure and user-friendly experience. As WhatsApp adopts these changes, it sets the stage for a more privacy-focused approach, empowering users to protect their contact information while maintaining the convenience of seamless communication. With these updates, WhatsApp continues to position itself at the forefront of secure and versatile communication technology. 

By embracing usernames and enhancing cross-device functionality, the platform not only addresses the evolving needs of its users but also anticipates future trends in digital privacy and convenience. The introduction of encrypted contact storage and flexible management options further solidifies WhatsApp's commitment to protecting user data while streamlining the user experience. As the platform gradually shifts away from phone number dependency, it ushers in a new era where privacy, security, and usability are given paramount importance, setting a standard for other messaging services to follow.
Read more »
WhatsApp
Google malware Minecraft Necro Trojan Play Store Spotify WhatsApp

Necro Malware Attacks Google Play Store, Again. Infects 11 Million Devices

Necro Malware Attacks Google Play Store, Again. Infects 11 Million Devices

A new variant of Necro malware loader was found on 11 million Android devices through Google Play in infected SDK supply chain attacks. The re-appearance of Necro malware is a sign of persistent flaws in popular app stores like Google. 

A recent report by Kaspersky suggests the latest version of Necro Trojan was deployed via infected advertising software development kits (SDK) used by Android game mods, authentic apps, and mod variants of famous software, such as Minecraft, Spotify, and WhatsApp. The blog covers key findings from the Kaspersky report, the techniques used by threat actors, and the impact on cybersecurity. 

What is Necro Trojan 

Aka Necro Python, the Necro Trojan is an advanced malware strain active since it first appeared. Malware can perform various malicious activities such as cryptocurrency mining, data theft, and installation of additional payloads. The recent version is more advanced, making it difficult to track and eliminate. 

Distribution of Necro Trojan

Users sometimes want premium or customized options that official versions don't have. But these unofficial mods, such as GB WhatsApp, Spotify+, and Insta Pro can contain malware. Traditionally, threat actors used these mods because they are distributed on unofficial sites that lack moderation. 

However, in the recent trend, experts discovered actors targeting official app stores via infected apps

In the latest case, Trojan authors abused both distribution vectors, a new variant of multi-stage Necro loader compromised modified versions of Spotify, Minecraft, and other famous apps in unofficial sources, and apps in Google Play. "The modular architecture gives the Trojan’s creators a wide range of options for both mass and targeted delivery of loader updates or new malicious modules depending on the infected application,” said the report.

Key Findings

  • The downloaded payloads can display ads in invisible windows, and interact with them. They can also execute arbitrary DEX files, install download apps, open arbitrary links in invisible WebView windows and run JavaScript, run a tunnel via the victim's device, and subscribe to paid services. 
  • The new variant of the Necro loader uses obfuscation to escape detection. 
  • The loader deployed in the app uses steganography tactics to hide payloads 

Read more »
WhatsApp
Cyber Attacks CyberCrime Cyberhackers Cybersecruity CyberThreat WhatsApp

WhatsApp Bans 7.1 Million Indian Users, Warns of More Bans for Rule Violations

 



A Meta-owned company called WhatsApp announced on Saturday that the company had banned more than 7.1 million Indian WhatsApp accounts for violating local laws in April. Approximately 1,302,000 of the 7,182,000 banned WhatsApp accounts were proactively blocked before any user reports. A company statement states that there are 7,182,000 banned WhatsApp accounts. Each month, thousands of Indians who are reported as scammers or violating the platform's privacy policies are banned. 
 
According to the latest India Monthly Report published by Meta, between April 1, 2024, and April 30, 2024, nearly 71 lakh Indian accounts were banned by the instant messaging service, a move to curb misuse and maintain platform integrity. Also, the company has assured us that in the future it will continue to implement more bans for users that continue to violate its rules.

As of April 1, 2018, WhatsApp banned a total of 7,182,000 accounts, of which 1,302,000 were proactively banned before any complaints from users. Taking this proactive approach is an integral part of WhatsApp's overall strategy to prevent abuse before it occurs. The company uses advanced machine learning and data analytics to identify suspicious behaviour patterns that indicate abuse before it occurs. 

The company received 10,554 reports from users in April 2024 regarding various topics such as account support, ban appeals, product support, and safety concerns. According to the stringent criteria for taking action on an account, there were only six accounts which were acted upon in response to these reports. 

A ban on Indian accounts is a clear indication that WhatsApp is complying with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 by publishing compliance reports detailing the actions taken to address the grievances and violations of law as outlined in the Rules. It is clear from the latest report from June 2024 that WhatsApp is doing a good job of curbing harmful behaviour by utilizing user complaints as well as the sophisticated detection mechanisms it has in place. 

In the opinion of some experts, the account "Actioned" refers to complaints on which WhatsApp has taken remedial action. It was also explained by WhatsApp that it had received two orders from the Grievance Appellate Committee of the country, and was able to comply with them both, as outlined in its monthly compliance report. As per the report, the new Indian IT Rules of 2021 appear to have been followed. 

The company, from what we can gather, appears to employ a team of engineers, data scientists, analysts, researchers, and experts in law enforcement, online safety, and technology development to oversee its efforts to ensure these efforts are carried out effectively. Despite its multi-faceted approach to detecting and preventing abuse, WhatsApp is claimed to use a multi-layered approach to prevent abuse. It assumes that a user's account lifecycle involves various stages that may be compromised or might cause potential issues. 

To detect and block suspicious registrations during the process of creating a WhatsApp account, WhatsApp has constructed a vulnerable mechanism. With this, WhatsApp can prevent bad actors from entering the platform in the first place and causing problems for the platform. As part of its use of ITA algorithms, WhatsApp also continuously scans messages for patterns that are indicative of harmful behaviour and sends notifications accordingly. As part of this, you may receive spam messages, threats, or misinformation that spreads across the Internet.

It is very important to note that WhatsApp takes its customers' feedback into account as well as playing a vital role in the scanning of accounts. A user's action of reporting or blocking contacts contributes to the detection system of WhatsApp when it comes to that contact. It is this initiative that may lead to WhatsApp taking further action and possibly barring accounts from using the service. In addition to this, WhatsApp has a dedicated team of analysts who are constantly looking for ways to improve the efficiency of the system by examining complex or unusual cases.
Read more »
Subscribe to: Posts (Atom)