WhatsApp has received more than its fair share of hits from Trojans attempting to target its large user base and worldwide popularity, but only a handful of those possesses the threat level of this new discovery that appears to be aimed primarily at Latin America.
Recently revoked from Google Play, Android/Balloonpopper is a game that carries a Trojan which secretly uploads WhatsApp conversations and pictures. This Trojan takes advantage of the fact that encryption on WhatsApp is easy to break. Plus its (recent) position on Google Play helped to lower the guard of its victims.
The stolen conversation and pictures are stored by the app developer and can be retrieved by anyone who knows the phone number of the victim. For complete information, a buyer must pay the developer an unspecified amount.
The game itself is both simple and real. It distracts the victim while stealing the data. Other apps–from this developer or others–could easily copy this technique. As long as the developer remains in business, there is no telling what tactic or app might appear next on Google Play.
Android/Balloonpopper is a perfect example of the threats we see affecting the mobile landscape in 2013. Protecting privacy is at the forefront of mobile security, but an effective attack can turn personal information into a commodity for cybercriminals.