One-Click Away On Your iOS and Android Phones With Just One WhatsApp Click

By VARINDIA - 2019-09-27

A modern and highly sophisticated malware campaign targets a Tibetan groups to exploit and install spyware , permanent tracker installed on their mobile (iPhone and Android devices). The spyware is delivered through WhatsApp message, all user need to do is a single click on the link within the WhatsApp text, researchers claimed.

According to Canadian researchers the POISON CARP employees “eight Android browser exploits and one Android spyware kit, as well as one iOS exploit chain and iOS spyware.”

It’s being labeled the most sophisticated attack on Tibetans yet, after attempts were made to steal WhatsApp and Facebook chats as well as locations with some novel techniques. Forbes reported.

The hackers, believed to be sponsored by the Chinese government, have been dubbed Poison Carp by Citizen Lab, a group of surveillance-tracking researchers at the University of Toronto. The crew lured targets to open messages by pretending to be journalists or charity workers.

The Canadian researchers found technical links between Poison Carp and the group revealed to be targeting the iPhones and Android devices of Uighurs by Google Project Zero and Volexity in August. In particular, the same iPhone malware was used in both sets of attacks, while a website used to launch malicious code at Androids was the same.

None of those vulnerabilities were new, though in one case, the attackers tried to exploit a Google Chrome bug whose patch had not yet been deployed to users. Otherwise, anyone who was running an up-to-date Android or iOS at the time should’ve been protected from infection. But for those who didn’t update and were successfully hacked, their WhatsApp and Facebook messages, location, contacts, call and text histories, and Gmail emails could’ve been sent back to the snoops.

Each and everyday cyber attacks are evolving and Social Engineering plays a significant role in this campaign, the threat actor engaged in active conversation to infect the targets and to install the spyware on their device.

According to Bitly stats as of September 6, 2019, 140 clicks on the iOS exploits and the exploit chain designed targeting iOS versions 11 – 11.4. The exploit chain was reported to Apple security who confirmed both the browser and privilege escalation exploits and it was patched with iOS 11.4.1 in July 2018.as per the report from gbhackers.

The malware collection application data such as location data, contacts, call history, SMS history, and the following device information.

The Android Exploit dubbed MOONSHINE, like the iOS exploit it too delivered through WhatsApp, if the targets open the links via Chrome-based Android browser, it asks users to open the link via Facebook app’s built-in Chrome-based web browser.

Name:
Email:
Comment:

INTERVIEWS

"Providing unprecedented value to Enterprises in realizing their digital strategy"

"We believe in providing the best value proposition to our vendors and channel partners through continuous improvement and responsive"

"Our main goal is to equip businesses with the most necessary, beneficial technology in their niche"

Forescout aspires to deliver “Data Powered Security” aligned with Make in India

"Our prime motive remains to focus more on retail and expand by opening new Exclusive Stores in different cities of Odisha"

"We have been constantly upgrading our portfolio of solutions and skills to keep up with the fast changing digital world"

TOP VIDEOS

Democratisation of e-commerce is the need of the hour

It is time to regulate India’s E-Commerce framework with ONDC

Global 5G connections to touch 3.2 billion by 2026

Artificial Intelligence technologies are being weaponised by the hackers

5G and 6G will change consumers life with Metaverse and AI

CIO - SPEAK

Upkar Singh, VP-IT, RMSI “My Very Educated Mother Just S...

Remote workers are happier and more productive than in-office staffs

Ajay Yadav Head- IT & SAP, SBL Remote work – Key trends...

Continuous engagement with employees keeps motivated

Avneesh Vats Head-IT, Convergence Energy Services Remote work &nd...

Start-Up and Unicorn Ecosystem

Fortinet Fabric-Ready Technology Alliance Partner program re...

Tech Mahindra and Pegasystems to offer an expanded technolog...

Qualcomm FastConnect connectivity solutions to be optimized...

UiPath and Adobe to automate end-to-end digital document pro...

Mindtree and Finastra to offer managed services solutions to...

Delhi & NCR Vi customers to enjoy stronger indoor 4G connect...

LTTS to work with IIT-Gandhinagar and Pandit Deendayal Energ...

Adversaries behind ransomware are targeting organizations of...

Web3 and NFTs will continue to evolve for creating new marke...

Hyperscale cloud providers is the answer to the demand for E...

SECURITY

Barracuda announces new, enhanced capabilities for WAAP

Barracuda Networks has announced the expansion of Barracuda Cloud Application Protection,...

A year-long Chinese Cyber Espionage Campaign in Russia now targets Defense Research Institutes

Check Point Research (CPR) detects an ongoing, cyber espionage operation targeting Russian...

Barracuda to protect hybrid cloud deployments with its expanded cloud-native SASE platform

Barracuda Networks has announced the expansion of its cloud-native SASE platform. Barracud...

SOFTWARE

Pega collaborates with Celebrus to introduce Always-On Insights for more timely and personalized customer outreach

Pegasystems Inc. announced Always-On Insights, a new offering combining Pega Customer Deci...

AMD intros Kria KR260 Robotics Starter Kit for Intelligent Factory of the future

AMD announced the Kria KR260 Robotics Starter Kit, the latest addition to the Kria portfol...

West Midlands Police deploys Exterro’s Cloud-based Digital Forensics Platform

The provider of Legal GRC software, Exterro Inc. announced that the West Midlands Police a...

START - UP

B2B Marketing Automation Solution start-up Inflection raises $5M in Seed Funding

US and India-based Inflection.io, a B2B Marketing Automation Solution, has received a $5 m...

GreyOrange Closes $110 Million Growth Financing

GreyOrange, the global leader in automated robotic fulfillment and inventory optimization...

OPPO India with Microsoft introduce 2nd edition of Elevate program

Building on its vision to drive innovation from India, OPPO India announced its collaborat...

SOUTHERN INDIA INFORMATION TECHNOLOGY FAIR (SIITF) -2018
BANGALURU

STAR NITE AWARDS(SNA) - 2018
NEW DELHI

ODISHA INFORMATION TECHNOLOGY FAIR(OITF)-2019
BHUBANESWAR

WESTERN INDIA INFORMATION TECHNOLOGY FAIR(WIITF) - 2019
MUMBAI

PERIPHERALS

Kingston FURY unveils the DDR5 SODIMMs

Kingston FURY, the gaming division of Kingston Technology has announced the release of Kin...

ViewSonic introduces a single cable Type-C Business Monitor in India

ViewSonic India has announced the launch of VG2455, a single cable Type-C monitor, a displ...

Intel launches seven new mobile processors to its 12th Gen Core family

At Intel Vision 2022, Intel announced seven new mobile processors to the 12th Gen Intel Co...

COLORFUL unveils the iGame Z690D5 Ultra Motherboard

Colorful Technology Company has introduced the iGame Z690D5 Ultra motherboard for the 12th...

INDUSTRY EVENTS

Industry leaders layout the collaborative 5G Opportunities and capabilities for country’s digital transformation

Leading telecommunications experts and industry leaders connected and brainstormed ideas f...

VeeamON 2022 kicked off with insightful sessions on data protection

Veeam Software has kicked off its annual user conference, VeeamON 2022, delivering a rich,...

DoT, Rajasthan LSA conducts webinar on awareness for mobile tower myths and tower frauds

Department of Telecommunications (DoT), Jaipur License Service Area (LSA) organized an awa...

Microsoft Future Ready Industry week stresses on key trends driving digital transformation in the ITES sector

Microsoft’s Future Ready Industry week, ITES edition brought together industry lumin...

E- COMMERCE

BIAL intros omnichannel payment solution in partnership with Kotak and Phi Commerce

With an aim to facilitate a seamless payment experience for customers, Bangalore Internati...

Airtel partners with Axis Bank to bolster India’s digital ecosystem

Bharti Airtel and Axis Bank have announced a strategic partnership to strengthen the growt...

Shopee to face the FIR in UP for Selling fake products

The FIR has been issued against Ankit Upadhyay who is heading the India business, Sriram G...

Amazon's acquisition of Cloudtail, raises many question marks ?

Amazon’s takeover of Cloudtail violates India’s FDI rules, says The Confederat...

MOVERS & SHAKERS

Ex GitHub executive Maneesh Sharma joins LambdaTest as COO

Maneesh Sharma, who was previously with GitHub as General Manager for India, has joined La...

Devanshu Bajpai joins ZStack as the Country Manager-India

Devanshu Bajpai resumes ZStack joins ZStack International Information Technologies Limited...

Forcepoint ropes in NICE CFO Beth Gaspich to Board of Directors

Forcepoint announced the appointment of Beth Gaspich, Chief Financial Officer at NICE, to...

Ganesh Natarajan joins Advisory board of Centre for Innovation in Public Policy

Dr Ganesh Natarajan, a renowned technology futurist, business builder and entrepreneurship...

CHANNEL - BUZZ

Redington India reports strong double-digit growth in Q4 and FY’22 Results

Redington (India) Ltd (NSE: REDINGTON), today announced its financial results for the quar...

Ingram Micro India signs distribution agreement with Submer

Ingram Micro India is pleased to announce a distribution agreement with Submer: “Cre...

ManageEngine reveals expansion plans for India, the company turns 20

ManageEngine, the enterprise IT management division of Zoho Corporation, announced its pla...

TAIT-SAVEX IT Cricket Cup 2022

Cricket is not the national sport of India but it is certainly a festival, a celebration,...