Beware! They are selling your WhatsApp Conversations

Posted On: Dec 17th 2013 by Rishi Aggarwal

We at "HANS - Anti Hacking Anticipation Society" analyzed a particularly nasty Android app that targets users of the popular messaging service WhatsApp. Once the dangerous app is installed, it uploads your WhatsApp conversations to another website where anyone with your phone number can purchase copies.

The actual app to watch out for is called BalloonPop2. Once installed, the game actually works, though it is a dull, stripped-down affair. Meanwhile, the app is figuring out the details of your WhatsApp account. It also checks your SIM card's serial number, presumably to match your WhatsApp account to a phone number.

The app then copies the contents of two directories associated with WhatsApp: the entire contents of your Profile Pictures folder, and the files ending with ".db.crypt" contained in WhatsApp/Databases/.

BalloonPop2 then uploads your files to the WhatsAppCopy website, where anyone can search for them using your phone number. If they want a copy of your conversations, they only need to pay a fee to WhatsAppCopy. What's not clear is whether those files are readable. SecurityWatch is investigating whether the files BalloonPop2 swipes are encrypted or not.

WhatsAppCopy might seem obviously illegal, but from reading the WhatsAppCopy website (translated from Spanish via Google), the entire operation is framed as a "backup" service. The idea is that you'd install the game on your own device and purchase your own records. This is a pretty flimsy excuse, considering that the app used to copy your data isn't sold as a backup app, and that it's named in a way that encourages confusion with a number of popular Android games. It's clearly meant to deceive.

At best, WhatsAppCopy and BalloonPop2 fall into the grey area of surveillance apps. These apps capture text messages and calls, and are targeted at people looking to spy on their significant others. At worst, it's a blatant attempt to steal your data and sell it.

How To Stay Safe
Since WhatsAppCopy's BalloonPop2 app was removed from Google Play, there's little to fear from accidental infection. By default, Android devices block apps from sources other than Google Play, and it's a good idea to leave this option turned on.


