Counterfeit Phones Found to Contain Backdoor to Hack WhatsApp

Doctor Web first encountered the malware in July 2022. It was found in the system partition of at least four different smartphones. The devices are copies of models of well-known brands such as Redmi, P48pro, Note30u and Mate40. The Trojan downloads plugins from a remote server and installs them on compromised devices.

Budget Android devices that are counterfeit versions of popular smartphone brands contain a large number of hidden Trojans designed to target the WhatsApp and WhatsApp Business messaging applications. Doctor Web first encountered the malware in July 2022. It was found in the system partition of at least four different smartphones: Redmi note 8, P48pro, Note30u, and Mate40. The cybersecurity company released a report earlier this week. "These incidents compound the fact that the hacked devices are copies of models of well-known brands." "Also, instead of having one of the latest versions of the operating system installed with the relevant information displayed in the device details (such as Android 10), they have a long-outdated version 4.4.2."

The tampering involves two files, "/system/lib/libcutils.so" and "/system/lib/libmtd.so", which are modified so that whenever any application uses the libcutils.so system library, it triggers execution of the Trojan contained in libmtd.so. If the application using these libraries is WhatsApp or WhatsApp Business, libmtd.so launches a third-party backdoor that downloads plugins from a remote server and installs them on compromised devices. "The danger of the detected backdoors and the modules they download is that they actually work in such a way that they become part of the intended applications."
