Beware of this FAKE WHATSAPP made by an Italian spyware vendor to target YOU

A fake version of Whatsapp for iPhone is made by an Italian surveillance company Cy4Gate to target specific individuals. It will trick users to install some configuration files on their phones. By this, the hacker can get your UDID and IMIE number.

This was exposed from the Cybersecurity research Lab at the university of Toronto with MotherBoard. 

A site was found with domain config5-dati[.]com that was tricking visitors to install the fake app that was actually a special configuration file for the iPhone, Motherboard reported. It appeared to have been designed to gather information about the victims and send it back to the hackers.

Upon seeing the URL of the tricking site, Motherboard found multiple clusters of domains associated with the publicly shared link. Some variations of the original URL were also discovered. One of them was config1-dati[.]com that appeared to be a phishing page tricking individuals to install the fake version of WhatsApp. It looked legitimate, with WhatsApp branding and professional graphics, and provided instructions to the users on how to install a configuration file on the iPhone to get the fake version installed.

Citizen Lab researcher Bill Marczak noted that the configuration file provided by the phishing page was allowing the attacker to send device details including the UDID 

and IMEI to a server. The researchers, however, didn't find what other data the file

 could have provided from the user device.

There was no clear reference of whether the fake version of WhatsApp was linked 

with Cy4Gate that works with law agencies and the government in Italy. However, 

a set of domains was found that at one point shared an IP address with the config5

-dati[.]com domain. That set brought notice to another set of domains that 

followed similar conventions, and one of them was registered to “cy4gate srl.” This suggested the linkage with the Italian surveillance company

A WhatsApp spokesperson assured action against the fake version. “We strongly 

oppose abuse from spyware companies, regardless of their clientele. Modifying 

WhatsApp to harm others violates our terms of service. We have and will continue 

to take action against such abuse, including in court,” the spokesperson said, as 

quoted by Motherboard.

“To help keep chats safe, we recommend that people download WhatsApp from the

 app store for their phone's platform. In addition, we may temporarily ban people

 using modified WhatsApp clients we detect to help encourage people to download 

WhatsApp from an authoritative source,” the spokesperson added.