On WhatsApp we share all kinds of information. It serves as a link with the couple, with friends, with the family, but also for more serious issues that have to do with work and school. In other words, it is a huge source of personal information and, surely, you have ever been curious to know who they communicate with and what some people say through the platform. To do this in internet you can find each other apps what do they promise to spy someone else’s conversations, but do they really work and what are the risks to use them?
As the company exposes Informatic security ESET, when you search in Google with the word “spy” immediately among the suggestions that appear is the option to “Spy WhatsApp” which indicates that many users are looking for tools for that purpose. And, as expected, it seems that the options to achieve this are many.
However, before accessing these tools it is important to know if they can really be trusted to spy on someone else’s WhatsApp, if they deliver what they promise and what are the risks of malware infection. In this sense, ESET decided to analyze some options.
“Given the number of users who are willing to try some of the many alternatives that appear in the first results of Google When looking for how to spy on WhatsApp or someone else’s phone, we found it important to explore some of these options to raise awareness of privacy risks and safety”, Explained Daniel Barbosa, researcher at ESET Latin America.
Also read: WhatsApp, trick to delete a message after hours of being sent
The first thing you should know is that none of the sites and extensions that were analyzed comply with what was promised and only search cheat to the people.
According to ESET, the sites that offer to spy on WhatsApp promise to access all the account information for free and basically what they request is the WhatsApp number of the person you want to monitor, in addition to the operating system you are using the user who wants to spy on the other person.
All the analyzed sites have practically the same structure and the end is very similar: a screen that simulates that many commands are being executed to access the information of the telephone number provided, but nothing is actually executed. These are only texts already programmed on the page.
“Although some of these sites display images that may seem convincing to gullible eyes, what these sites offer is a lie. It would be irreversible damage to the image of WhatsApp if the sites could actually access the encrypted information of your customers simply by entering a phone number ”, added the specialist.
The good news is that the company did not find any malicious code on these sites. However, precautions must be taken. ESET concludes that the objective of those who offer the service is the collection of information that could later be used by criminals to spread threats to specific targets via phone number. Information from the operating system could also be used to later alter the site to propagate malware specific to a particular version of Windows, for example.
The second possible benefit is in the advertising. To have access to the supposed data collected from the account to spy on, you must follow some additional steps that lead to several sites, also without apparent malicious code, but full of advertising. For every access criminals earn a small amount of money from advertising and these simple accesses feed the industry of the cybercrime.
Read also: How to clean your WhatsApp to prevent it from stopping working
And when is it a download?
The company of cybersecurity also looked at extensions for the browser, in particular one for Chrome which also claimed to be able to access the information of a WhatsApp account. The description available in the extension indicates to the interested parties that they should install it in the browser or refer to a website that will do the same. It’s about another false promise
Installing the extension is not malicious code, but another click generator. What the user sees is a small web page in the form of a button that directs to an address that offers fake services related to YouTube, like increasing the number of subscribers to a channel. Then they are asked to carry out a verification that consists of completing a very long questionnaire on pages full of ads. Full page ads are refreshed on every question, increasing profits for criminals looking to monetize their campaigns through ad delivery.
Barsosa added: “Although at the time of analyzing this extension it did not present additional malicious characteristics, the dangers that the installation of an extension entails is much greater than those that I have mentioned previously. The installation of software in your browser can bring several complications. In addition to the possibility of changing the operation of the browser itself, this software can be used as a tool to download other malicious programs without the user being aware. It wouldn’t be the first time attackers they use extensions that pose as legitimate tools to perform malicious actions. “
Also read: What is prostration and why did so many memes arise?
And the apps?
Also exist Applications available that promise to monitor mobile phones but, according to ESET research, they actually only use the interface of an application to use a function already available in WhatsApp itself, such as the use of WhatsApp web. There are also apps that track the activity of online contacts, providing a certain level of information, such as a history of when the contacts were online and offline. However, the risk they carry is similar to that of browser extensions, with the aggravation that the risk is linked to telephone, which is where most people store the most sensitive data.