Indonesian Political, Business & Finance News

Don't Update Apps Rashly: There's Morpheus Spyware That Can Peek at WhatsApp Chats

| By Wahyunanda Kusuma Pertiwi | Source: KOMPAS Translated from Indonesian | Technology
Don't Update Apps Rashly: There's Morpheus Spyware That Can Peek at WhatsApp Chats
Image: KOMPAS

Android phone users must exercise greater caution when updating systems or apps, especially if they receive links from unofficial sources. Researchers have discovered a spyware called Morpheus that masquerades as a fake app (spoofing), allowing it to access WhatsApp (WA) conversations without the user’s knowledge. This finding was revealed by the Italian digital rights organisation Osservatorio Nessuno. In its report, Morpheus is described as malware capable of stealing various data from target devices, from screen activities to access to messaging apps like WhatsApp. When users are careless and unwary, this malware can install easily and harm victims. Morpheus is a spyware designed to monitor user activities on Android devices. The malware disguises itself as a system update app, so victims are unaware that the installed app is actually dangerous. Researchers link Morpheus to the Italian company IPS, which has operated for over 30 years providing lawful interception technology. This technology is typically used by governments or law enforcement to monitor communications in real-time via network operators. According to available information, IPS operates in more than 20 countries. However, it is not detailed in which countries the spyware has been used. Researchers also did not disclose the identities of targets, though they mention the possibility of links to political activities in Italy. Victims then receive an SMS that appears official, as if from the operator. The message usually contains a link, directing the target to click it. The pretext is often for a system update or to fix a connection to reconnect to the network. Once the app is installed, the spyware requests accessibility permissions on Android. This feature allows the app to read screen contents and interact with other apps. In this case, the feature is abused to access user data. Subsequently, Morpheus displays a fake update process, including a reboot screen. After that, the spyware impersonates WhatsApp and requests biometric verification or a PIN. Unbeknownst to them, this action grants access to the WhatsApp account, for example, by adding a new device to the victim’s account. With this access, perpetrators can read WhatsApp chats in real-time, monitor screen activities, and access various other data on the device.

View JSON | Print