Facebook exposed cyber spies using bogus whatsapp and signal apps

Cyber Warfare Asia
2 min readSep 15, 2022

In a recent Forbes article, Facebook recently uncovered cyber operations run by cyber spies that were believed to be operating out of India and Pakistan that has been spying on thousands of people by using malware disguised as popular messaging apps like Whatsapp, Signal and Telegram.

The publication noted that cyber espionage groups Bitter APT and APT36, had been targeting people in UK, Saudi Arabia, China are among other countries.

“Dracarys” named found in the malware code and a possible reference to the dragon on the popular Game of Thrones series. According to the Facebook, the malware can allegedly siphon off all kinds of information from an Android device that include call logs, contacts, files, text messages, and geolocation data and also access a device’s camera and microphone.

APT hackers’ i.e. BITTER and APT36

Facebook latest report states that “We found BITTER using a new custom Android malware family we named Dracarys, As BITTER injected dracarys into trojanized version in various messaging apps.”

In today’s scenario cybersecurity has become the need of an hour of every government, corporate entities and individuals across the world due to rising cyber threats and risk of loss infrastructure.

US based cybersecurity research division Cisco’s Talos recently said the group has been running attacks since 2013 on energy, engineering and government entities in China, Pakistan and Saudi Arabia.

In 2019, blackberry states that BITTER and CONFUCIUS having similar hallmark of govt- sponsored resources and their targeting priorities. Their operation reveals a similar skill set for both desktop and mobile malware as well as infrastructure and delivery methods for each.

Trend Micro report also suggests that there may be a connection between BITTER group and CONFUCIUS. According to that report, Indian cybersecurity firm, Phronesis, which was founded by former Indian military officers was involved in one or more activity sets which include APT groups known as PATCHWORK, CONFUCIUS, HANGOVER, URPAGE.

Facebook also announced action on Pakistan- based hacking entity APT36.It was too involved in creating Android spy tools masquerading as apps including WhatsApp, Chinese social network WeChat and YouTube.APT36 involved in targeting people of Afghanistan, India, Pakistan, UAE and Saudi Arabia.

Facebook’s head of cyber espionage investigations, Mike Dvilyanski, said that Meta has uncovered 10,000 users across at least nine countries that may have been targeted by APT36 and Bitter APT.

However, Indian and Pakistan government officials do not respond for request to comment on Forbes report. But we can say that both countries government are involved in running cyber espionage campaigns against each other.



Cyber Warfare Asia

Providing news related to state sponsored cyber warfare in Asia