You know when you’re using a chat program and the program reminds you not to send out important personal details or banking information?
You should really start listening to that warning.
A new Android malware has been discovered that steals your WhatsApp conversations and sells those conversations to the highest bidder. If you’re a WhatsApp user, this is obviously pretty scary. Just think of all the messages you’ve sent on that app over the last few months.
This latest Android threat was discovered by F-Secure. Here’s how it works:
-The app is called BalloonPop2 and it’s a simple game that looks like this:
-That game was available for free on the Google Play Store for a brief period of time
-It’s unknown how many people downloaded BalloonPop2
-BalloonPop2 is currently still available from the developer’s website (I’m not going to link to the website and give that loser a free SEO boost)
-Once installed, BalloonPop2 appears to function as a real game, but in the background, the app is quietly stealing information about your WhatsApp account while also checking your SIM card’s serial number
-After this data has been collected, WhatsApp copies everything from your WhatsApp profile pictures folder as well as the .db.crypt folder database
-This data is uploaded to the WhatsAppCopy website, where anyone can search through the records simply by using your phone number
-You can pay a fee to receive a copy of your conversations
It’s unknown whether or not the .db.crpyt folder has been decrypted once you’ve purchased the conversations back. However, that encrypted folder contains all of the stuff you don’t want other people to see – like your WhatsApp conversations and any media you’ve sent.
This might not even be strictly illegal
Perhaps the most bizarre part of the WhatsAppCopy scam is that it might not even be illegal. The app is advertising itself as a backup service. The app nicely steals your WhatsApp conversations and then offers those conversations as a convenient paid download from its website. How nice of them!
Of course, there’s no mention of these ‘backup’ properties when you download BalloonPop2. While the app might fall into a grey area, the app’s developer is probably an evil, evil person.
How to protect yourself
BalloonPop2 has been removed from the Google Play Store, so you don’t have to worry about accidentally installing this app. The only way your system could get infected would be if you visited the developer’s website, enabled “Allow downloads from sources outside the Google Play Store”, and then proceeded to download the app. Don’t do that, and you’ll be fine.
WhatsApp is particularly popular among travelers and people living outside North America. The free app lets you send text messages and other media to users for free over a data connection. You don’t have to pay texting rates.
If you’re a WhatsApp user, you should probably think twice before you send that next message.