The fake WhatsApp was made to target select individuals. The hackers tricked them into using Mobile Device Management to push malware on their iPhones. Cybersecurity firm ZecOps in a tweet claimed that those users who have not updated to iOS 14.4 may be vulnerable to these kinds of attacks.
“iOS 14.4 patched two vulnerabilities that may have been exploited in the wild: Including both WebKit, and Kernel: hinting that they might have been used in 1-click attacks. To protect yourself: we advise you to update to the latest iOS version,” tweeted ZecOps.
Users were lured to a phishing website that looked like WhatsApp’s original website. “To keep in touch with your friends press the ‘download’ button and follow the instructions on the page,” read the website. What’s strange is that to download WhatsApp, all that iPhone users need to do is visit the App Store, search the app and hit download. Any other way of installing an iOS app, goes without saying, is unsafe.
As per the report by Vice, “The site attempted to trick visitors into installing what was actually a special configuration file for iPhones designed to potentially gather information about the victims and send it back to the attacker.”