HackTool.AndroidOS.Whapsni

Detect Date 06/08/2017
Class HackTool
Platform AndroidOS
Description

This application is used to intercept WhatsApp traffic and subsequently read WhatsApp messages.
The attack is successful when a specially prepared device and the victim are connected to the same Wi-Fi network. Root access is required for the application to work. Core functionality is implemented in the arpspoof and tcpdump ELF modules. Network requests are forwarded to these modules by the iptable class=”most_attacked_countries”, which acts as a go-between between the victim and server.

Geographical distribution of attacks by the HackTool.AndroidOS.Whapsni family


Geographical distribution of attacks during the period from 08 June 2016 to 08 June 2017

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 India 16.89
2 Brazil 10.78
3 Mexico 7.76
4 Italy 7.18
5 Germany 6.57
6 Spain 4.30
7 Colombia 2.73
8 Russian Federation 2.59
9 Egypt 2.42
10 USA 2.25

* Percentage among all unique Kaspersky users worldwide attacked by this malware