The researches have warned Facebook and Whastapp users as the users are being tricked while installing the trojan on the Android device. It spies on the users of these apps by stealing photos, videos, messages and also records audio.
The Cisco Talos researches have named it “WolfRAT” malware. This malware is targeting Whatsapp, and Facebook users and Line in the form of Google Play or Flash update. Then it asks them to install a trojan on their phones which later collects their data and sends them to the trojan command and control servers.
According to the researches, the WolfRAT is a Remote Access Trojan (RAT) which is a modified version DenDroid. DenDroid is an old malware and a source code which was leaked in 2015. These types of malware targets Messaging apps only. This malware was seen when Whatsapp Messenger was running, and it recorded the screen.
The researchers say Thai users are targeted more by WolfRAT. Few of the Control and Command 2 servers are seen which are from Thailand.
WolfRAT malware is being run by Wolf Research, which is an organisation which creates interception and espionage-based malware. However, the organisation is not active formally, but the members of it might be functioning.
Moreover, it is said that the work on trojan was done in a lazy manner. A lot of copy/paste work was seen from public sources, dead code, unstable code, open panels, and much more.
Source@Tech Viral: Read more at: Technology Week Blog