"WhatsApp-Spying Virus Found Infesting Knock-off Android Smartphones"

Doctor Web security researchers have discovered at least four counterfeit Android smartphones with Trojan malware in the system partition that targets the WhatsApp and WhatsApp Business messaging apps. These Trojans are designed to execute arbitrary code in the apps and can be used in various attack scenarios, including intercepting chats and stealing confidential information held by the apps. The malware is also capable of carrying out spam campaigns and various scam schemes.

The security vendor said it was alerted to the malicious software in July, when users reported suspicious activity on their Android smartphones. The researchers found that the devices misled users by claiming to run Android 10, when all the impacted devices were actually running Android 4.4.2. The four knock-off Android smartphones are the P48pro, radmi note 8, Note30u, and Mate40. Their names resemble the model numbers of well-known brands such as Huawei, Xiaomi, and Samsung, but the devices have nothing to do with those companies.

Two files in these devices' system partitions are modified to enable various backdoors. When any application uses the "libcutils.so" file, the Trojan is launched from the "libmtd.so" file. The actions taken depend on which program is using the "libcutils.so" library. If it is used by the WhatsApp or WhatsApp Business messengers, or by the 'Settings' or 'Phone' system apps, the Trojan copies another backdoor into the directory of the corresponding app and launches it.

This article continues to discuss the discovery of some fake Android devices containing a backdoor to hack WhatsApp.

MyBroadband reports "WhatsApp-Spying Virus Found Infesting Knock-off Android Smartphones"

Submitted by Anonymous on