April 25, 2019

The rise of the mobile messaging app has been meteoric. The number of users of WhatsApp, for example, has reached 1.5 billion. And WeChat, a messaging app from China, has over 1 billion users. The mobile messaging app has a place in history as the human urge to communicate with all and sundry continues to dominate tech.

The power of mobile messaging is not lost on the cybercriminal element either; WhatsApp and other mobile messaging apps are no strangers to cybersecurity issues. Back in 2014, a security researcher identified a fundamental security flaw in the app which allowed a hacker to upload a user’s chat database to a third-party server. Vulnerabilities in messaging apps, as in other applications, are still fairly commonplace.

As cybercriminals are always on the lookout for an opportunity, it is no real surprise that WhatsApp and other messaging apps are being used as another string in the hacker’s bow.

Ways That Mobile Messaging Is Not Secure

Mobile apps are as vulnerable to security exploits as other applications. As evidence for this, WhiteHat Security performed a series of security tests against Android apps. They found that 90 percent of Android apps had serious security vulnerabilities allowing sensitive data to be exposed. Business apps were included in these tests; the report found that 33% of such apps had vulnerabilities. Apple iOS was only slightly better, with 30% of mobile apps showing security flaws.

Mobile apps are special – they are like the gift that keeps on giving for the cybercriminal. They can be used for both the theft of data and to then sell that data on – as an extended arm of the darknet.

Messaging Apps and Data Theft

Malware for messaging apps like WhatsApp is pretty commonplace. It makes sense that code to extract data from messaging apps would appear. WhatsApp messages can contain very personal data. However, people know that messaging apps, like WhatsApp and Telegram, are designed to be secure. They openly advertise the fact that the apps incorporate ‘end-to-end’ encryption so that messages are encrypted during transfer between parties.

But even encryption has limits and can give users a false sense of security if not implemented correctly. Apps like WhatsApp Spy, for example, take advantage of ways around encryption via access control. You can buy this spyware from just $21.99 per month to “spy on your loved ones or workers” – so the advertising goes. Using WhatsApp Spy you can track a person’s location, see who they are messaging and what those messages say, and even view deleted messages. You do have to have physical access to the device you want to spy on, but still…

There are plenty of spyware apps available that perform similar functions. Some may themselves be scams waiting to scam the scammer – so beware…

Another example of spyware that can be used for WhatsApp data spying was discovered by researcher Lukas Stefanko. And yet another is the infamous WhatsApp malware strain, SkyGoFree, which can steal WhatsApp messages.

Mobile Trojans are yet another type of malware that focuses on messaging apps, like WhatsApp. SpyDealer, found by Palo Alto Networks, is designed to harvest personal data and can be used to gather data from over 40 different types of mobile apps. SpyDealer can even steal videos and record phone calls. The malware works by exploiting a legitimate Android feature which creates superuser access.

Messaging Apps Used to Sell Data

In a twist in the security tale, WhatsApp and other mobile messaging apps like Telegram are being used to facilitate and protect the sale of stolen data. The theory is that as the FBI has been successful in closing down darknet marketplaces like AlphaBay, the cybercriminals have moved over to the messaging apps for privacy and security – how ironic. Researchers at Cisco have found darknet chat channels on messaging app Telegram, for example. One of these channels “Dark Jobs” is a recruitment channel to find employees of banks and similar, to carry out insider data theft. Other channels focus on identity theft and creating fake IDs to carry out fraud.

Intsights recently published a report looking at the use of mobile messaging apps as conduits for darknet data sales. The company discovered that literally hundreds of thousands of cybercriminals are using messaging apps to trade stolen personal data and financial card details. These darknet cybercriminals found the feature of ‘group chats’ offered by mobile messaging apps particularly useful. One Telegram darknet group in Brazil had around 60,000 members.

Interestingly, the infamous darknet browser, Tor, also got in on the messaging app act by introducing Tor Messenger. Like its browser counterpart, Tor Messenger was built to ensure privacy, with any chats within the app being encrypted and anonymous. However, Tor recently ‘sunsetted’ Tor Messenger – one of the reasons for this decision being that they could not guarantee data security. Yet another twist in the convoluted tale of cybercrime, data, and the darknet.


One thing is certain: cybercriminals are masters of technology. Just like any business, they use technology to innovate and promote their core work – making money off the rest of us. Mobile messaging apps give the hacker a two-for-the-price-of-one deal. The apps can be exploited to act like a lake of data they can phish from, giving them a heady mix of highly sensitive personal data and even financial card details. And then they can use the same apps to sell the data on. You have to stand back sometimes and think, wow, that is truly making the most of something. However, what is performed in the name of cybercrime is no laughing matter and causes material harm to companies and individuals alike. It is time to fight fire with fire, and this starts with understanding your enemy. Thanks to a highly active cybersecurity industry keeping us all security aware, we can keep ahead of the cybercriminal.


