Meta Warns Users About Malware in Fake YouTube, WhatsApp Apps

August 15, 2022
$100m YouTube Grant

By Adedapo Adesanya

Meta, the parent company of Facebook, Messenger, Instagram, and WhatsApp has raised an alarm over a dangerous new malware in fake YouTube and WhatsApp apps.

The company in its latest Quarterly Adversarial Threat Report 2022 said the new threat named Dracarys is being injected into fake versions of popular apps such as WhatsApp and YouTube.

According to the report, this malware strain is capable of stealing call logs, contact information, files, SMS texts, geolocation, and device details from an Android device as well as taking photos secretly, enabling the phone or tablet’s microphone.

The latest report revealed that the Dracarys malware is named after the famous Game of Thrones dragon attack order, which is run by the hacking group Bitter APT, which operates out of South Asia. This hacking group has been said to attack users from the United Kingdom, New Zealand, India, and Pakistan.

“We found Bitter using a new custom Android malware family we named Dracarys. Notably, it used accessibility services, a feature in the Android operating system to assist users with disabilities, to automatically click through and grant the app certain permissions without the user having to do it.”

“Bitter injected Dracarys into trojanized (non-official) versions of YouTube, Signal, Telegram, WhatsApp, and custom chat applications capable of accessing call logs, contacts, files, text messages, geolocation, device information, taking photos, enabling microphone, and installing apps.

“While the malware functionality is fairly standard, as of this writing, malware and its supporting infrastructure has not been detected by existing public anti-virus systems. It shows that Bitter has managed to reimplement common malicious functionality in a way that went undetected by the security community for some time,” it added.

The Bitter APT group, which has been active since 2013, has previously targeted the energy, engineering, and government sectors with Remote Access Trojans (RATs) that were spread via spear-phishing emails or by the exploitation of known flaws. In 2021, for instance, researchers found the group exploiting a zero-day privilege escalation flaw (CVE-2021-1732) in the Windows 10 operating system.

Adedapo Adesanya

Adedapo Adesanya is a journalist, polymath, and connoisseur of everything art. When he is not writing, he has his nose buried in one of the many books or articles he has bookmarked or simply listening to good music with a bottle of beer or wine. He supports the greatest club in the world, Manchester United F.C.

Leave a Reply

Oyoko Primary School
Previous Story

Oyoko Primary School: An Avoidable Saga

API platform
Next Story

Interswitch Launches API Platform for Developers

Latest from Technology