WhatsApp has been the victim of a new espionage campaign. Security researchers at the University of Toronto's Citizen Lab discovered that spyware managed to compromise 90 WhatsApp users, including journalists and members of civil society.
Based on Citizen Labs' reports, WhatsApp conducted an investigation. The messaging service realized that the attack relied on a virus called Graphite. Developed Developed by Paragon, a specialized Israeli company, the malware was capable of carrying out a so-called "zero-click" attack. In short, the attack does not require the victim to click on anything.
WhatsApp blocks Graphite's gateway
The attack relies on booby-trapped PDF files sent over WhatsApp. Once received, these files automatically deploy the Graphite malware on the target's smartphone. There is no need for the victim to open or interact with the booby-trapped document. Once installed, Graphite gave attackers complete access to sensitive data: encrypted messages, passwords, cloud backups, location, as well as camera and microphone control. The virus was then able to insert itself into other applications and compromise them.
Several weeks after notifying all affected users, WhatsApp said it had patched the vulnerability that was exploited by Graphite. In fact, the company patched WhatsApp fixed the problem by modifying its own system without requiring users to update their devices or applications. Indeed, WhatsApp explained to Bleeping Computer that there was no need for a customer-side fix.
No identifier for the flaw
The flaw was fixed at the end of last year, weeks before the matter became public. The messaging service has chosen not to assign a Common Vulnerabilities and Exposures (CVE) identifier, a unique code used to identify a security flaw, to the breach. WhatsApp says the decision was taken under the official rules of MITRE, the organization that maintains the CVE database, and its own vulnerability management policies.
In the response to the media outlet, WhatsApp states that the Graphite case is "yet another example of why spyware companies must be held accountable for their illegal activities." WhatsApp "will remain committed to protecting users' right to communicate privately." This is far from the first time that Meta's messaging service has been targeted by an ultra-sophisticated spyware virus. In the past, WhatsApp has suffered several attacks based on Pegasus, the formidable malware developed by NSO, another Israeli firm. The spyware has claimed more than 1,400 victims.
Source: Bleeping Computer
0 Comments