This application is used to intercept WhatsApp traffic and subsequently read WhatsApp messages.
The attack is successful when a specially prepared device and the victim are connected to the same Wi-Fi network. Root access is required for the application to work. Core functionality is implemented in the arpspoof and tcpdump ELF modules. Network requests are forwarded to these modules by the iptable class=”most_attacked_countries”, which acts as a go-between between the victim and server.
Geographical distribution of attacks by the HackTool.AndroidOS.Whapsni family
Geographical distribution of attacks during the period from 08 June 2016 to 08 June 2017
Top 10 countries with most attacked users (% of total attacks)
||% of users attacked worldwide*
* Percentage among all unique Kaspersky users worldwide attacked by this malware