Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Attackers after WhatsApp and Telegram users

Symantec Threat Intelligence: Attackers after WhatsApp and Telegram users



Today, Symantec has released two new pieces of research about Android mobile apps being exploited to attack users.

WhatsApp and Telegram media files could be exposed and manipulated by malicious actors according to new research by Symantec’s Modern OS Security team.

The security flaw, dubbed “Media File Jacking”, affects WhatsApp for Android by default, and Telegram for Android if certain features are enabled. It stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume. This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge.

If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or to wreak havoc.

To read the full Threat Intelligence Report please go to https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media

Additionally, Symantec has found a malicious app named MobonoGram 2019 (detected as Android.Fakeyouwon) advertising itself as an unofficial version of the Telegram messaging app and claiming to provide even more features than both the official and other unofficial versions in the market. While the app does provide basic messaging functionality, we found it was also secretly running a few services on the device without the user’s consent, as well as loading and browsing an endless stream of malicious websites in the background.

These malicious websites include Fakeyouwon, pornography and gaming websites. Symantec have also seen the URL making a request to itself, causing an infinite loop of requests to the website. Such activity not only exhausts the device’s battery, but also leads to an unpleasant user experience and may even cause the device to crash.

To read the full Report on MobonoGram 2019please go to https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites


Today, Symantec has released two new pieces of research about Android mobile apps being exploited to attack users.

WhatsApp and Telegram media files could be exposed and manipulated by malicious actors according to new research by Symantec’s Modern OS Security team.

The security flaw, dubbed “Media File Jacking”, affects WhatsApp for Android by default, and Telegram for Android if certain features are enabled. It stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume. This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge.

If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or to wreak havoc.

To read the full Threat Intelligence Report please go to https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media

Additionally, Symantec has found a malicious app named MobonoGram 2019 (detected as Android.Fakeyouwon) advertising itself as an unofficial version of the Telegram messaging app and claiming to provide even more features than both the official and other unofficial versions in the market. While the app does provide basic messaging functionality, we found it was also secretly running a few services on the device without the user’s consent, as well as loading and browsing an endless stream of malicious websites in the background.

These malicious websites include Fakeyouwon, pornography and gaming websites. Symantec have also seen the URL making a request to itself, causing an infinite loop of requests to the website. Such activity not only exhausts the device’s battery, but also leads to an unpleasant user experience and may even cause the device to crash.

To read the full Report on MobonoGram 2019please go to https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites


Today, Symantec has released two new pieces of research about Android mobile apps being exploited to attack users.

WhatsApp and Telegram media files could be exposed and manipulated by malicious actors according to new research by Symantec’s Modern OS Security team.

The security flaw, dubbed “Media File Jacking”, affects WhatsApp for Android by default, and Telegram for Android if certain features are enabled. It stems from the lapse in time between when media files received through the apps are written to the disk, and when they are loaded in the apps’ chat user interface (UI) for users to consume. This critical time lapse presents an opportunity for malicious actors to intervene and manipulate media files without the user’s knowledge.

If the security flaw is exploited, a malicious attacker could misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos. Attackers could take advantage of the relations of trust between a sender and a receiver when using these IM apps for personal gain or to wreak havoc.

To read the full Threat Intelligence Report please go to https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media

Additionally, Symantec has found a malicious app named MobonoGram 2019 (detected as Android.Fakeyouwon) advertising itself as an unofficial version of the Telegram messaging app and claiming to provide even more features than both the official and other unofficial versions in the market. While the app does provide basic messaging functionality, we found it was also secretly running a few services on the device without the user’s consent, as well as loading and browsing an endless stream of malicious websites in the background.

These malicious websites include Fakeyouwon, pornography and gaming websites. Symantec have also seen the URL making a request to itself, causing an infinite loop of requests to the website. Such activity not only exhausts the device’s battery, but also leads to an unpleasant user experience and may even cause the device to crash.

To read the full Report on MobonoGram 2019please go to https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites


ends

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 


Bell Gully: Uncertainty Ahead With New Unconscionable Conduct Legislation

new prohibition against ‘unconscionable conduct’ in trade is one of a number of changes to the Fair Trading Act 1986 that come into force from 16 August 2022. The new prohibition may have wide-ranging implications for many businesses... More>>


Statistics: Food Prices Increase 7.4 Percent Annually
Food prices were 7.4 percent higher in July 2022 compared with July 2021, Stats NZ said today... More>>



REINZ: Market Activity And Prices Continue To Ease, First Home Buyers Start To Return To The Market

New Zealand’s winter property market continues its recent trend, slowing from the pace of sales and price rises of last year — properties stay on the market longer and median prices dip... More>>



Kiwi Group Holdings: Fisher Funds Acquires Kiwi Wealth Business

Kiwi Group Holdings Limited (KGHL) today announced the sale of Kiwi Wealth to Fisher Funds for NZ$310 million... More>>



Retail NZ: Welcomes Return Of Cruise Ships

“Cruise visitors were big spenders in retail prior to COVID-19, and retailers in Auckland will be celebrating the arrival of P&O’s Pacific Explorer this morning... More>>



ASB: Full Year Results: Building Resilience Today And For Our Future

In its 175th year, ASB has reported a cash net profit after tax of $1,418 million for the 12 months to 30 June 2022, an increase of $122 million or 9% on the prior year... More>>