WhatsApp spy apps. What are they actually doing and why are they a danger?


In WhatsApp, we share all kinds of information. It serves as a link with the couple, with friends, with the family, but also for more serious issues that have to do with work and school. In other words, it is a huge source of personal information and, surely, you have ever been curious to know who they communicate with and what some people say through the platform. For this, on the internet, you can find apps that promise to spy on someone else's conversations, but do they really work, and what are the risks of using them?

As stated by the IT security company ESET, when a search is carried out in Google with the word "spy" immediately among the suggestions that appear is the option to "spy on WhatsApp" which denotes that many users are looking for tools with that purpose. And, as expected, it seems that the options to achieve this are many.

However, before accessing these tools it is important to know if they can really be trusted to spy on someone else's WhatsApp if they deliver what they promise and what the risks of malware infection are. In this sense, ESET decided to analyze some options.

"Given the number of users who are willing to try some of the many alternatives that appear in the first Google results when looking for how to spy on WhatsApp or someone else's phone, it seemed important to us to analyze some of these options to raise awareness about the risks to privacy and security ”, explained Daniel Barbosa, a researcher at ESET Latin America.

The result

The first thing you should know is that none of the sites and extensions that were analyzed comply with what was promised and only seek to deceive people.

According to ESET, the sites that offer to spy on WhatsApp promise to access all the account information for free, and basically what they request is the WhatsApp number of the person you want to monitor, in addition to the operating system the user is using. wants to spy on the other person.

All the analyzed sites have practically the same structure and the end is very similar: a screen that simulates that many commands are being executed to access the information of the telephone number provided, but nothing is actually executed. These are only texts already programmed on the page.

“Although some of these sites display images that to gullible eyes may seem convincing, what these sites offer is a lie. It would be irreversible damage to the image of WhatsApp if the sites could actually access the encrypted information of their customers simply by entering a phone number, "added the specialist.

The good news is that the company did not find any malicious code on these sites. However, precautions must be taken. ESET concludes that the goal of those offering the service is to collect information that could then be used by criminals to spread threats to specific targets through the phone number. Information from the operating system could also be used to later alter the site to spread malware specifically to a particular version of Windows, for example.

The second possible benefit is in advertising. To have access to the supposed data collected from the account to spy on, you must follow some additional steps that lead to several sites, also without apparent malicious code, but full of advertising. For each access, criminals earn a small amount of money from advertising, and these simple accesses fuel the cybercrime industry.

And when is it a download?

The cybersecurity company also analyzed extensions for the browser, in particular one for Chrome that also claimed to be able to access the information of a WhatsApp account. The description available in the extension indicates to the interested parties that they should install it in the browser or refer to a website that will do the same. It's about another false promise

Installing the extension is not malicious code, but another click generator. What the user sees is a small web page in the form of a button that directs to an address that offers fake services related to YouTube, such as increasing the number of subscribers to a channel. Then they are asked to carry out a verification that consists of completing a very long questionnaire on pages full of ads. Full-page ads are refreshed on every question, increasing profits for criminals looking to monetize their campaigns through ad delivery.

Barsosa added: “Although at the time of analyzing this extension it did not present additional malicious characteristics, the dangers that the installation of an extension entails is much greater than those I have mentioned previously. The installation of software in your browser can bring several complications. In addition to the possibility of changing the operation of the browser itself, this software can be used as a tool to download other malicious programs without the user being aware. It would not be the first time that attackers have used extensions posing as legitimate tools to carry out malicious actions."

And the apps?

There are also applications available that promise to monitor mobile phones but, according to ESET research, they actually only use an application interface to use a function already available in WhatsApp itself, such as using WhatsApp web. There are also apps that track the activity of online contacts, providing a certain level of information, such as a history of when the contacts were online and offline. However, the risk they carry is similar to that of browser extensions, with the aggravation that the risk is linked to the phone, which is where most people store the most sensitive data.

2 views0 comments

Recent Posts

See All