Security News

Popular instant messaging service WhatsApp has launched support for proxy servers in the latest version of its Android and iOS apps, letting users circumvent government-imposed censorship and internet shutdowns. "Choosing a proxy enables you to connect to WhatsApp through servers set up by volunteers and organizations around the world dedicated to helping people communicate freely," the Meta-owned company said.

Starting today, WhatsApp allows users to connect via proxy servers due to Internet shutdowns or if their governments block the service in their country. The new proxy support option is available to all users running the latest WhatsApp iOS and Android applications.

A cybercriminal operation tracked as Ducktail has been hijacking Facebook Business accounts causing losses of up to $600,000 in advertising credits. The gang has been spotted before using malware to steal Facebook-related information and hijack associated business accounts to run their own ads that are paid for by the victim.

Authorities in the US and the UK are taking a keen interest in the contents of WhatsApp messages among bank employees and their associates in the financial services industry. The UK's Financial Conduct Authority is set to probe sector workers' use of private messaging services as the watchdog increases scrutiny in line with the US. According to Bloomberg, the FCA has requested information from Citigroup, Deutsche Bank, JPMorgan Chase, and Nomura Holdings, among others, inquiring about the frequency and content of staff exchanges through texting and messaging apps.

An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada. The goal of the malware is to steal the keys that "Allow the use of a WhatsApp account without the app," Kaspersky said in a new report.

A new version of an unofficial WhatsApp Android application named 'YoWhatsApp' has been found stealing access keys for users' accounts. YoWhatsApp is a fully working messenger app that uses the same permissions as the standard WhatsApp app and is promoted through advertisements on popular Android applications like Snaptube and Vidmate.

Unlike the email ecosystem, where anybody can email anybody, messaging and social media apps such as WhatsApp are based on closed groups. The companies are Rockey Tech HK Ltd, Beijing Luokai Technology Co. Ltd, and Chitchat Technology Ltd. The brand names under which WhatsApp alleges they peddled fake apps and addons are HeyMods, Highlight Mobi, and HeyWhatsApp.

Meta has sued several Chinese companies doing business as HeyMods, Highlight Mobi, and HeyWhatsApp for developing and allegedly using "Unofficial" WhatsApp Android apps to steal over one million WhatsApp accounts starting May 2022. Once installed, the apps used bundled malware to harvest sensitive info, including account authentication, to hijack their WhatsApp accounts to send spam messages.

Ever given a colleague a quick Signal call so you can sidestep a monitored workplace app? Well, we'd hope you're not in a highly regulated industry like staff at eleven of the world's most powerful financial firms, who yesterday were fined nearly $2 billion for off-channel comms. Banking giants including Goldman Sachs, Credit Suisse, and Citigroup agreed to pay $1.1 billion in penalties from the US Securities and Exchange Commission and $710 million in fines from the Commodity Futures Trading Commission in separate actions on Tuesday for failing to monitor and stop their workers from using unauthorized messaging apps.

One of them concerns CVE-2022-36934, a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12.