Again there is a dangerous malware which is a threat to Android users. Meta has issued a red alert to Android and tablet users about dangerous hidden malware on WhatsApp and YouTube. According to the Quarterly Adversarial Threat Report 2022, Meta revealed that cloned versions of WhatsApp and YouTube are corrupted with Dracarys Malware. And online criminals are not just limited to these apps; they are also targeting other instant messaging apps. They include Telegram, Signal and custom chat applications. Recent reports say that Dracarys is named after ‘Game of Thrones battle cry for dragons’. And the Bitter APT hacking group is responsible for this malware. Not just one country, this hacking group is targeting New Zealand, the UK, Pakistan, and India. Meta revealed in the report, “We found bitter using a new custom Android malware family we named Dracarys. Notably, it used accessibility services, a feature in the Android Operating system to assist users with disabilities, to automatically click through and grant the app certain permissions without the user having to do it.”
What this malware is capable of
Dracarys is dangerously intrusive when it comes to its threats. Hackers can steal personal data using this malware. Personal may include call logs, SMS texts, files, geo-location and every device detail. Even scarier is that this malware can secretly click photos, install apps without the user’s permission, and even enable the microphone. The worst part is that it can bypass any antivirus protection or security check very smoothly. As a result, it will not come to notice. Meta report warns, “while the malware functionality is fairly standard, as of this writing, malware and its supporting infrastructure have not been detected by existing public antivirus systems. It shows that Bitter has managed to reimplement common malicious functionality in a way that went undetected by the security community for some time.”
What is the solution?
Users should not download inauthentic applications for WhatsApp, YouTube, Telegram or signal. They should avoid using clone versions. Instead, they should prefer verified applications from Google Play Store. If the user doesn’t allow the source, malware cannot enter the phone.