WhatsApp and WhatsApp Business apps have been targeted by various trojans preinstalled on counterfeit versions of popular Android smartphones, according to The Hacker News.
Four counterfeit devices, the Note30u, Mate40, radmi note 8, and P48pro, carried the WhatsApp-targeting malware in the system partition, a report from Doctor Web revealed.
Moreover, researchers found that the devices had Android 4.4.2 installed even though device details showed that they had the significantly newer Android 10 version.
The trojans are launched through modified versions of the "/system/lib/libcutils.so" and "/system/lib/libmtd.so" files: when an app uses the libcutils.so system library, it triggers execution of the trojan contained in libmtd.so. The report also showed that when the apps using the libraries are WhatsApp and WhatsApp Business, libmtd.so deploys a third backdoor that can download and install plugins.
"The danger of the discovered backdoors and the modules they download is that they operate in such a way that they actually become part of the targeted apps. As a result, they gain access to the attacked apps' files and can read chats, send spam, intercept and listen to phone calls, and execute other malicious actions, depending on the functionality of the downloaded modules," said researchers.