By Adedapo Adesanya
Meta, the parent company of Facebook, Messenger, Instagram, and WhatsApp, has raised an alarm over a new Android malware family hidden inside fake YouTube and WhatsApp apps.
The company in its latest Quarterly Adversarial Threat Report 2022 said the new threat named Dracarys is being injected into fake versions of popular apps such as WhatsApp and YouTube.
According to the report, the malware can steal call logs, contact information, files, SMS texts, geolocation, and device details from an Android device, as well as secretly take photos and switch on the phone or tablet's microphone.
The report attributes Dracarys, named after the dragon command from Game of Thrones, to the hacking group Bitter APT, which operates out of South Asia and has been reported to target users in the United Kingdom, New Zealand, India, and Pakistan.
“We found Bitter using a new custom Android malware family we named Dracarys. Notably, it used accessibility services, a feature in the Android operating system to assist users with disabilities, to automatically click through and grant the app certain permissions without the user having to do it.”
“Bitter injected Dracarys into trojanized (non-official) versions of YouTube, Signal, Telegram, WhatsApp, and custom chat applications capable of accessing call logs, contacts, files, text messages, geolocation, device information, taking photos, enabling microphone, and installing apps.
“While the malware functionality is fairly standard, as of this writing, malware and its supporting infrastructure have not been detected by existing public anti-virus systems. It shows that Bitter has managed to reimplement common malicious functionality in a way that went undetected by the security community for some time,” it added.
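The accessibility-service abuse Meta describes leaves a trace that a defender can check for: a chat or video app has no legitimate reason to run an enabled accessibility service, and a trojanized build is typically sideloaded rather than installed from the Play Store. The script below is an added triage example, not code from Meta's report or from the Dracarys sample. It assumes two inputs: the raw value of `adb shell settings get secure enabled_accessibility_services` (colon-separated `package/ServiceClass` entries) and the raw output of `adb shell pm list packages -i` (`package:<name>  installer=<pkg|null>`). The device output strings, the allowlist, and the package and service names in the sample are constructed for the example.

```python
"""Flag enabled Android accessibility services that do not belong to a vetted app.

Added example (not from Meta's report or the Dracarys sample).
Assumed input formats:
  - enabled_accessibility_services: "pkg/ServiceClass:pkg2/ServiceClass2"
  - pm list packages -i:            "package:<name>  installer=<pkg|null>"
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Accessibility services the defender has vetted (assumed allowlist, not from the page).
ALLOWLIST = {"com.google.android.marvin.talkback"}
# Installers treated as trusted (assumption: Play Store only).
TRUSTED_INSTALLERS = {"com.android.vending"}


@dataclass(frozen=True)
class Finding:
    package: str
    service: str
    installer: Optional[str]
    severity: str          # "high" when sideloaded/untrusted installer, else "medium"
    reasons: Tuple[str, ...]


def parse_enabled_services(setting: str) -> List[Tuple[str, str]]:
    """Split the secure setting into (package, service) pairs.
    A class part starting with '.' is Android shorthand for the package prefix."""
    pairs = []
    for entry in setting.strip().split(":"):
        if "/" not in entry:
            continue
        pkg, svc = entry.split("/", 1)
        if svc.startswith("."):
            svc = pkg + svc
        pairs.append((pkg.strip(), svc.strip()))
    return pairs


def parse_installers(listing: str) -> Dict[str, Optional[str]]:
    """Map package name -> installer package (None when pm reports 'null')."""
    result: Dict[str, Optional[str]] = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        pkg, _, rest = line[len("package:"):].partition("installer=")
        inst = rest.strip()
        result[pkg.strip()] = None if inst in ("", "null") else inst
    return result


def flag_suspicious(setting: str, listing: str) -> List[Finding]:
    """Return one Finding per enabled accessibility service outside the allowlist.
    Note: system apps also report installer=null, so vet them via the allowlist
    rather than treating every null installer as sideloaded."""
    installers = parse_installers(listing)
    findings = []
    for pkg, svc in parse_enabled_services(setting):
        if pkg in ALLOWLIST:
            continue
        reasons = ["accessibility service enabled by non-allowlisted app"]
        inst = installers.get(pkg)
        severity = "medium"
        if pkg not in installers:
            reasons.append("package absent from pm listing (stale setting?)")
        elif inst is None:
            severity = "high"
            reasons.append("no installer recorded (sideloaded or system app)")
        elif inst not in TRUSTED_INSTALLERS:
            severity = "high"
            reasons.append("installed by untrusted source " + inst)
        findings.append(Finding(pkg, svc, inst, severity, tuple(reasons)))
    return findings


# Constructed sample device output: a sideloaded "WhatsApp" build that has an
# accessibility service switched on, beside a legitimate screen reader.
SAMPLE_SETTING = (
    "com.whatsapp/.a11y.GrantService:"
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
)
SAMPLE_LISTING = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.whatsapp  installer=null
package:org.telegram.messenger  installer=com.android.vending
"""

if __name__ == "__main__":
    for f in flag_suspicious(SAMPLE_SETTING, SAMPLE_LISTING):
        print(f"[{f.severity}] {f.package} -> {f.service} (installer={f.installer})")
        for r in f.reasons:
            print("   -", r)
```

Run it against real output by substituting the two `adb shell` commands for the constructed strings; a chat, video or messaging app that shows up with an enabled accessibility service and no Play Store installer is exactly the shape of what the report describes and deserves a closer look at the APK's signing certificate.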
The Bitter APT group, active since at least 2013, has previously targeted the energy, engineering, and government sectors with Remote Access Trojans (RATs) delivered through spear-phishing emails or by exploiting known flaws. In 2021, for instance, researchers found the group exploiting a zero-day privilege escalation flaw (CVE-2021-1732) in Windows 10.