New Android Malware WolfRAT affects Facebook, WhatsApp Messenger


This new Android malware, known as WolfRAT, targets Facebook and WhatsApp messengers

Securing your devices from hackers has been quite difficult these days, as hackers keep finding new ways to attack our devices and steal data. This is the 2nd new malware discovered in two days that attacks Android smartphones. The 1st one uses the Classic Bluetooth technique to gain remote access to your Android smartphone; read more about the Classic Bluetooth attack here.

Researchers have discovered a new malware that targets popular messaging apps like Facebook Messenger and WhatsApp to gain control over the smartphone and steal user data.

The malware is operated by Wolf Research, a Germany-based spyware organization that develops and sells espionage-based malware to governments, hence the malware is dubbed WolfRAT, the researchers said.

The malware is pushed to target devices via phishing/smishing links. Researchers found that the command-and-control (C2) server domain is located in Thailand.

"The chat details, WhatsApp records, messengers and SMSs of the world carry some sensitive information and people choose to forget these when communications occur on their phone. We see WolfRAT specifically targeting a highly popular encrypted chat app in Asia, Line, which suggests that even a careful user with some awareness around end-to-end encryption chats would still be at the mercy of WolfRAT and its prying eyes," researchers said.

How does WolfRAT affect Android Smartphones?

Once delivered to the targeted device via phishing/smishing, WolfRAT poses as legitimate services, such as Google Play apps or Flash updates, by using their icons and package names.

These are normally functional packages, with no user interaction needed, Mercer said. For instance, the malware uses a package name (“”) to pretend to be a Google Play application.
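A defender can triage a device for this kind of masquerading by checking where trusted-looking packages came from. The following is an added example, not code from the researchers or from this article: it parses the output of `adb shell pm list packages -f -i` and flags packages that use a Google, Android or Adobe namespace but were neither shipped with the firmware nor installed through Google Play. The prefix list, the system directory list and all sample package names are assumptions constructed for illustration.

```python
import re

# Output format of `adb shell pm list packages -f -i` (one package per line).
LINE_RE = re.compile(
    r"^package:(?P<path>.+\.apk)=(?P<name>[\w.]+)\s+installer=(?P<installer>\S+)$"
)

# Assumption: namespaces a masquerading app is likely to borrow (Google Play, Flash).
TRUSTED_PREFIXES = ("com.google.", "com.android.", "com.adobe.")
# Assumption: partitions that only the firmware image can populate.
SYSTEM_DIRS = ("/system/", "/system_ext/", "/product/", "/vendor/", "/apex/")
PLAY_INSTALLER = "com.android.vending"


def parse(listing):
    """Yield (name, apk_path, installer) for each well-formed line."""
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["name"], m["path"], m["installer"]


def suspicious_packages(listing):
    """Return packages that use a trusted-looking namespace but were sideloaded."""
    hits = []
    for name, path, installer in parse(listing):
        if not name.startswith(TRUSTED_PREFIXES):
            continue
        if path.startswith(SYSTEM_DIRS):
            continue  # shipped with the firmware image
        if installer == PLAY_INSTALLER:
            continue  # installed or updated through Google Play
        hits.append((name, installer))
    return hits


# Constructed sample output; the package names below are illustrative only.
SAMPLE = """\
package:/system/priv-app/Phonesky/Phonesky.apk=com.android.vending  installer=null
package:/data/app/~~Qx1==/com.google.android.gms-9a==/base.apk=com.google.android.gms  installer=com.android.vending
package:/data/app/~~Zk7==/com.google.example.update-1b==/base.apk=com.google.example.update  installer=null
package:/data/app/~~Lm3==/org.example.notes-7c==/base.apk=org.example.notes  installer=com.android.vending
package:/data/app/~~Pp2==/com.adobe.example.flash-4d==/base.apk=com.adobe.example.flash  installer=com.android.packageinstaller
"""

if __name__ == "__main__":
    for name, installer in suspicious_packages(SAMPLE):
        print(f"review: {name} (installer={installer})")
```

A hit is a lead for manual review rather than a verdict: developer builds installed over adb also show a non-Play installer, and the recorded installer value can be set by whoever performs the install.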

The researchers determined that the malware is still in development. They also identified samples that show activity from January 2019; however, one of the C2 domains (ponethus[.]com) was registered in 2017.

Once the malware has updated/flashed apps with its changes, it enables a screen-recording feature. The screen recording starts when the RAT determines that WhatsApp is running.

The researchers say it has so far targeted only Thai users but can also target other locations. An official statement is to be released by the Thai security researchers and messenger apps. We would suggest you download Malwarebytes or any malware scanner to be protected from this malware.

