Auto Added by WPeMatico
Auto Added by WPeMatico
Instagram is finally preparing to copy Snapchat’s most popular feature, and one of the few it hasn’t already cloned. Instagram has prototyped an unreleased ephemeral text messaging feature that clears the chat thread whenever you leave it, a Facebook spokesperson confirms to TechCrunch. That could make users more comfortable with having rapid-fire, silly, vulnerable, or risque chats, thereby driving up the reply notifications that keep people opening Instagram all day long.

Instagram already has disappearing photo and video messaging which it launched in February 2018 to let users choose if chat partners can “view once”, “allow replay” multiple times for a limited period, or “keep in chat” permanently. Technically you could use the Create mode for overlaying words on a colored background to send an ephemeral text, but otherwise you have to use the “Unsend” feature which notifies other people in the thread.
But today, reverse engineering specialist and TechCrunch’s favorite tipster Jane Manchun Wong unearthed something new. Buried in the code of the Android app is the a new “
” mode, labeled in the code with the ‘speak-no-evil’ monkey emoji.
When users enter this mode by swiping up from Instagram Direct message thread, they’re brought to a dark mode messaging window that starts as an empty message thread. When users close this window, any messages from them or their chat partners disappear. The feature works similarly to Snapchat, which clears a chat after all members of a thread have viewed it and closed the chat window.
Here’s how Instagram disappearing messages work
The ephemeral messaging feature is not currently not publicly available but a Facebook spokesperson confirms to me that they are working on it internally. “We’re always exploring new features to improve your messaging experience. This feature is still in early development and not testing externally.” The company later tweeted the confirmation. They gave no indication of a timeline for if or when this might officially launch. Some features never make it out of the prototype phase, but others including many spotted by Wong end up being rolled out several months later.
Instagram has seen great success using Snapchat as a product R&D lab. Instagram’s version of Stories rocketed to 500 million daily users compared to just 218 million users on Snapchat as a whole.

But ephemeral messaging has kept Snapchat relevant. Back in late 2017, just 51 million of Snapchat’s 178 million users were posting Stories per day, and that was when Instagram Stories was still in its first year on the market. According to Statista, Snapchat’s top use case is staying in touch with friends and family, not entertainment.
Instagram Stories caused Snapchat to start shrinking at one point, but now it’s growing healthily again. That may signaled that Instagram still had more work to do to steal Snap’s thunder. But Instagram’s existing version of ephemeral messaging that is clunkier, Facebook scrapped a trial of a similar feature, and WhatsApp’s take that started testing in October hasn’t rolled out yet.
That’s left teens to stick with Snapchat for fast-paced communication they don’t have to worry about coming back to haunt them. If Instagram successfully copies this feature too, it could reduce the need for people to stay on Snapchat while making Instagram Direct more appealing to a critical audience. Every reply and subsequent alert draws users deeper into Facebook’s web.
Powered by WPeMatico
In Asia, where I work as a partner at an early-stage VC firm, startups are regularly rolling out a minimum viable product (MVP) and then transacting on messaging apps.
Companies like shoe brand Portblue, AI e-commerce company Sorabel and Sama, an online recruitment platform for migrant workers, all started life using WhatsApp and Facebook Messenger to communicate with customers, onboard users and raise brand awareness.
For many years, WeChat has been the default app for daily life and business in China. It’s estimated that more than 30% of all internet traffic in China is through WeChat, and in 2017 they introduced “mini-programs,” where businesses could build apps inside WeChat. Now you never have to download any apps or go to a browser to access millions of services and businesses in WeChat.
We now see a similar trend in Southeast Asia. Here, WhatsApp is the dominant social platform and, while it has not built the same infrastructure for building apps, startups have found a way around that and now run many services on top of WhatsApp, validating with customers quickly and cheaply. These companies are not only mobile-first, but they are also WhatsApp-first.
Sampingan, an Antler portfolio company founded here in Singapore, provides an on-demand workforce to businesses in Indonesia. The first version of the product was on WhatsApp. The team sourced and managed more than 2,000 blue-collar workers in Indonesia who completed 25,000 jobs in the company’s first three months.
Lisa Enckell is a partner at Antler, an early-stage venture capital firm and startup generator.
Powered by WPeMatico
Simsim, a social commerce startup in India, said on Friday it has raised $16 million in seven months of its existence as it attempts to replicate the offline retail experience in the digital world with help from influencers.
The Gurgaon-based startup said it raised $16 million across seed, Series A and Series B financing rounds from Accel Partners, Shunwei Capital and Good Capital. (The most recent round, Series B, was of $8 million in size.)
“Despite e-commerce players bandying out major discounts, most of the sales in India are still happening in brick-and-mortar stores. There is a simple reason for that: Trust,” explained Amit Bagaria, co-founder of Simsim, in an interview with TechCrunch.

The vast majority of Indians are still not comfortable with reading descriptions — and that too in English, he said.
Simsim is taking a different approach to tackle this opportunity. On its app, users watch short-videos produced in local languages by influencers who apply beauty products or try out dresses and explain the ins-and-outs of the products. Below the video, the items appear as they are being discussed and users can tap on them to proceed with the purchase.
“Videos help in educating users about the category. So many of them may not have used face masks, for instance. But it becomes easier when the community influencer is able to show them how to apply it,” said Rohan Malhotra, managing partner at Good Capital, in an interview with TechCrunch.
Influencers typically sell a range of items and users can follow them to browse through the past catalog and stay on top of future sales, said Bagaria, who previously worked at the e-commerce venture of financial services firm Paytm .
“This interactiveness is enabling Simsim to mimic the offline stores experience,” said Malhotra, who is one of the earliest investors in Meesho, also a social commerce startup that last year received backing from Facebook and Prosus Ventures.
“The beauty to me of social commerce is that you’re not changing consumer behavior. People are used to consuming on WhatsApp — and it’s working for Meesho. Over here, you are getting the touch and feel experience and are able to mentally picture the items much clearer,” he said.
Simsim handles the inventories, which it sources from manufacturers and brands, and it works with a number of logistics players to deliver the products.
“Several Indian cities and towns are some of the biggest production hubs of various high-quality items. But these people have not been able to efficiently sell online or grow their network in the offline world. On Simsim, they are able to work with influencers and market their products,” said Bagaria.
The platform today works with more than 1,200 influencers, who get a commission for each item they sell, said Bagaria, who plans to grow this figure to 100,000 in the coming years.
Even as Simsim, which has been open to users for six months, is still in its nascent stage, it is beginning to show some growth. It has amassed over a million users, most of whom live in small cities and towns, and it is selling thousands of items each day, said Bagaria.
He said the platform, which currently supports Hindi, Tamil, Bengali and English, will add more than a dozen additional languages by the end of the year. In about a month, Simsim also plans to start showing live videos, where influencers will be able to answer queries from users.
A handful of startups have emerged in India in recent years that are attempting to rethink the e-commerce market in the nation. Amazon and Walmart, both of which have poured billions of dollars in India, have taken a notice too. Both of them have added support for Hindi in the last two years and have made several more tweaks to their platforms to expand their reach.
Powered by WPeMatico
WhatsApp, the most popular messaging app, revealed today just how big it has become. The Facebook -owned app said it has amassed two billion users, up from 1.5 billion it revealed two years ago. It also remains free of ads and does not charge its users any fee.
The announcement today makes WhatsApp only the second app from Facebook to join the two-billion-users club. (Facebook’s marquee app has 2.5 billion users.) In an earnings call in late January, Facebook also noted that that there were 2.26 billion users that opened either Facebook, Messenger, Instagram or WhatsApp each day, up from 2.2 billion last quarter. The family of apps sees 2.89 billion total monthly users, up 9% year-over-year.
WhatsApp, founded 11 years ago and sold to Facebook for $19 billion six years ago, took the opportunity today to reiterate that it is committed to providing end-to-end encryption to its customers all over the globe — a crucial feature lauded by security experts everywhere but something that many governments are increasingly trying to contest.
“Strong encryption acts like an unbreakable digital lock that keeps the information you send over WhatsApp secure, helping protect you from hackers and criminals. Messages are only kept on your phone, and no one in between can read your messages or listen to your calls, not even us. Your private conversations stay between you,” WhatsApp wrote in a blog post.
Among the governments that are attempting to force WhatsApp into dropping encryption is India (which happens to be WhatsApp’s largest market, with 400 million users), Australia and the U.S.
Will Cathcart, the chief executive of WhatsApp, has said in the past that the messaging platform will fight for the privacy of its users. This was on display last October, when WhatsApp filed a suit in federal court accusing Israeli mobile surveillance maker NSO Group of creating an exploit that was used hundreds of times to hack into targets’ phones.
“Strong encryption is a necessity in modern life. We will not compromise on security because that would make people less safe. For even more protection, we work with top security experts, employ industry leading technology to stop misuse as well as provide controls and ways to report issues — without sacrificing privacy,” the company said today.
The two-billion milestone is a big feat for WhatsApp, which gained immense popularity without any marketing in developing markets such as India, where calls and texts were fairly expensive for most people. There is no app in India today that has a greater penetration than WhatsApp, for instance.
But even as WhatsApp has amassed all the users in the world, it is still struggling to make any substantial contribution to Facebook’s bottom line. In recent years, WhatsApp has introduced tools for businesses to connect with their customers. But something even more interesting has happened in the meantime.
Scores of startups in developing markets today are building businesses around WhatsApp. Vahan, a Y Combinator-backed startup, uses WhatsApp to help delivery startups find blue-collar workers. Digi-Prex, a Hyderabad-based startup, runs an eponymous online subscription pharmacy to serve patients with chronic diseases. Patients share their prescription with Digi-Prex through WhatsApp and the startup’s workers then deliver the medication to them on a recurring cycle.
I think the next justdial will be built on top of @whatsapp … especially for India (or other markets where WhatsApp is big)
anyone working on this?
— miten sampat (@miten) February 11, 2020
But this immense popularity has also created other challenges for WhatsApp. The platform has been used to spread false information that has resulted in gruesome fatalities in real world. WhatsApp has rushed to make product changes and run campaigns to educate users, but it’s a long battle.
Powered by WPeMatico
Reliance Industries, one of India’s largest industrial houses, has acquired a majority stake in NowFloats, an Indian startup that helps businesses and individuals build online presence without any web developing skills.
In a regulatory filing on Thursday, Reliance Strategic Business Ventures Limited said (PDF) it has acquired an 85% stake in NowFloats for 1.4 billion Indian rupees ($20 million).
Seven-and-a-half-year old, Hyderabad-headquartered NowFloats operates an eponymous platform that allows individuals and businesses to easily build an online presence. Using NowFloats’ services, a mom and pop store, for instance, can build a website, publish their catalog, as well as engage with their customers on WhatsApp.
The startup, which has raised about 12 million in equity financing prior to today’s announcement, claims to have helped over 300,000 participating retail partners. NowFloats counts Blume Ventures, Omidyar Network, Iron Pillar, IIFL Wealth Management, and Hyderabad Angels among its investors.
Last year, NowFloats acquired LookUp, an India-based chat service that connects consumers to local business — and is backed by Vinod Khosla’s personal fund Khosla Impact, Twitter co-founder Biz Stone, Narayana Murthy’s Catamaran Ventures and Global Founders Capital.
Reliance Strategic Business Ventures Limited, a wholly-owned subsidiary of Reliance Industries, said that it would invest up to 750 million Indian rupees ($10.6 million) of additional capital into the startup, and raise its stake to about 89.66%, if NowFloats achieves certain unspecified goals by the end of next year.
In a statement, Reliance Industries said the investment will “further enable the group’s digital and new commerce initiatives.” NowFloats is the latest acquisition Reliance has made in the country this year. In August, the conglomerate said it was buying a majority stake in Google-backed Fynd for $42.3 million. In April, it bought a majority stake in Haptik in a deal worth $100 million.
There are about 60 million small and medium-sized businesses in India. Like hundreds of millions of Indians, many in small towns and cities, who have come online in recent years thanks to world’s cheapest mobile data plans and inexpensive Android smartphones, businesses are increasingly building online presence as well.
But vast majority of them are still offline, a fact that has created immense opportunities for startups — and VCs looking into this space — and major technology giants. New Delhi-based BharatPe, which helps merchants accept online payments and provides them with working capital, raised $50 million in August. Khatabook and OkCredit, two digital bookkeeping apps for merchants, have also raised significant amount of money this year.
In recent years, Google has also looked into the space. It has launched tools — and offered guidance — to help neighborhood stores establish some presence on the web. In September, the company announced that its Google Pay service, which is used by more than 67 million users in India, will now enable businesses to accept digital payments and reach their customers online.
Powered by WPeMatico
Slack makes customer acquisition look easy.
The day we acquired our first Highspot customer, it was raining hard in Seattle. I was on my way to a startup event when I answered my cell phone and our prospect said, “We’re going with Highspot.” Relief, then excitement, hit me harder than the downpour outside. It was a milestone moment – one that came after a long journey of establishing product-market fit, developing a sustainable competitive advantage, and iterating repeatedly based on prospect feedback. In other words, it was anything but easy.
User-first products are driving rapid company growth in an era where individuals discover, adopt, and share software they like throughout their organizations. This is great if you’re a Slack, Shopify, or Dropbox, but what if your company doesn’t fit that profile?
Product-led growth is a strategy that works for the right technologies, but it’s not the end-all, be-all for B2B customer acquisition. For sophisticated enterprise software platforms designed to drive company-wide value, such as Marketo, ServiceNow and Workday, that value is realized when the product is adopted en masse by one or more large segments.
If you’re selling broad account value, rather than individual user or team value, acquisition boils down to two things: elevating account based-selling and revolutionizing the inside sales model. Done correctly, you lay a foundation capable of doubling revenue growth year-over-year, 95 percent company-wide retention, and more than 100 percent growth in new customer logos annually. Here are the steps you can take to build a model that realizes on-par results.
Account-based selling is not a new concept, but the availability of data today changes the game. Advanced analytics enable teams to develop comprehensive and personalized approaches that meet modern customers’ heightened expectations. And when 77 percent of business buyers feel that technology has significantly changed how companies should interact with them, you have no choice but to deliver.
Despite the multitude of products created to help sellers be more productive and personal, billions of cookie-cutter emails are still flooding the inboxes of a few decision makers. The market is loud. Competition is cut throat. It’s no wonder 40 percent of sales reps say getting a response from a prospect is more difficult than ever before. Even pioneers of sales engagement are recognizing the need for evolution – yesterday’s one-size-fits-all approach to outreach only widens the gap between today’s sellers and buyers.
Companies must radically change their approach to account-based selling by building trusted relationships over time from the first-touch onward. This requires that your entire sales force – from account development representatives to your head of sales – adds tailored, tangible value at every stage of the journey. Modern buyers don’t want to be sold. They want to be advised. But the majority of companies are still missing the mark, favoring spray-and-pray tactics over personalized guidance.
One reason spamming remains prevalent, despite growing awareness of the need for quality over quantity, is that implementing a tailored approach is hard work. However, companies can make great strides by doing just three things:
Powered by WPeMatico
Fyle, a Bangalore-headquartered startup that operates an expense management platform, has extended its previous financing round to add $4.5 million of new investment as it looks to court more clients in overseas markets.
The additional $4.5 million tranche of investment was led by U.S.-based hedge fund Steadview Capital, the startup said. Tiger Global, Freshworks and Pravega Ventures also participated in the round. The new tranche of investment, dubbed Series A1, means that the three-and-a-half-year-old startup has raised $8.7 million as part of its Series A financing round, and $10.5 million to date.
The SaaS startup offers an expense management platform that makes it easier for employees of a firm to report their business expenses. The eponymous service supports a range of popular email providers, including G Suite and Office 365, and uses a proprietary technology to scan and fetch details from emails, Yash Madhusudhan, co-founder and CEO of Fyle, demonstrated to TechCrunch last week.
A user, for instance, could open a flight ticket email and click on Fyle’s Chrome extension to fetch all details and report the expense in a single click in real-time. As part of today’s announcement, Madhusudhan unveiled an integration with WhatsApp . Users will now be able to take pictures of their tickets and other things and forward it to Fyle, which will quickly scan and report expense filings for them.
These integrations come in handy to users. “Eighty percent to ninety percent of a user’s spending patterns land on their email and messaging clients. And traditionally it has been a pain point for them to get done with their expense filings. So we built a platform that looks at the challenges faced by them. At the same time, our platform understands frauds and works with a company’s compliances and policies to ensure that the filings are legitimate,” he said.
“Every company today could make use of an intelligent expense platform like Fyle. Major giants already subscribe to ERP services that offer similar capabilities as part of their offerings. But as a company or startup grows beyond 50 to 100 people, it becomes tedious to manage expense filings,” he added.
Fyle maintains a web application and a mobile app, and users are free to use them. But the rationale behind introducing integrations with popular services is to make it easier than ever for them to report filings. The startup retains its algorithms each month to improve their scanning abilities. “The idea is to extend expense filing to a service that people already use,” he said.
Until late last year, Fyle was serving customers in India. Earlier this year, it began searching for clients outside the nation. “Our philosophy was if we are able to sell in India remotely and get people to use the product without any training, we should be able to replicate this in any part of the world,” he said.
And that bet has worked. Fyle has amassed more than 300 clients, more than 250 of which are from outside of India. Today, the startup says it has customers in 17 nations, including the U.S. and the U.K. Furthermore, Fyle’s revenue has grown by five times in the last five months, said Madhusudhan, without disclosing the exact figures.
To accelerate its momentum, the startup is today also launching an enterprise version of Fyle that will serve the needs of major companies. The enterprise version supports a range of additional security features, such as IP restriction and a single sign-in option.
Fyle will use the new capital to develop more product solutions and integrations and expand its footprint in international markets, Madhusudhan said. The startup, which just recently set up its sales and marketing team, will also expand the headcount, he said.
Moving forward, Madhusudhan said the startup would also explore tie-ups with ERP providers and other ways to extend the reach of Fyle.
In a statement, Ravi Mehta, MD at Steadview Capital, said, “intelligent and automated systems will empower businesses to be more efficient in the coming decade. We are excited to partner with Fyle to transform one of the core business processes of expense management through intelligence and automation.”
Powered by WPeMatico
If you’re a cricket fan, you will be visiting Facebook way more often in the coming months and years. The social juggernaut announced on Thursday it has partnered with the International Cricket Council (ICC), the global governing body of cricket, to secure exclusive digital content rights until 2023 for global ICC events in the Indian subcontinent.
As part of the four-year deal, financial details of which were not disclosed, Facebook will show post-match recaps and in-play key moments and other “feature content” of the matches in the Indian subcontinent. The exclusive rights are limited to the Indian subcontinent; elsewhere the company will carry post-match recaps. Facebook said it hopes to serve “hundreds of millions of cricket fans” through this “unprecedented” and “ground-breaking” deal.
A Facebook spokesperson told TechCrunch that the company won’t be live-streaming the matches in any market.
In a statement, Ajit Mohan, VP and managing director Facebook India, said, “with Facebook, Instagram and WhatsApp, the ICC has an exceptional opportunity to leverage our family of apps to serve current sports fans as well as bring in an entirely new generation of fans. Every day, people come to our platforms to talk about, and form friendships around, cricket. With this partnership, we will be able to serve these fans with the kind of premium content that can ignite new conversations, new connections and new followership.”
Though not as popular in the U.S., cricket is one of the most celebrated sporting events in many key Facebook markets, including the U.K., India and Australia. How popular? Hotstar, a streaming service in India owned by Disney, has set global record for most concurrent views on a live-streaming event thanks to cricket.
Facebook is well aware. In 2017, the company bid $600 million for online streaming rights of IPL, a popular cricket tournament in India, for a period of five years. It lost the bid to Star India, which operates Hotstar. Last year, the company tested the waters after it acquired streaming rights to show La Liga games in India.
The recently concluded ICC Men’s Cricket World Cup garnered 4.6 billion video views across ICC’s digital and social media platforms, ICC said.
Today’s deal includes coverage of the following events: ICC Women’s T20 World Cup 2020, ICC Men’s T20 World Cup 2020, ICC Women’s Cricket World Cup 2021, ICC World Test Championship Final 2021, ICC Men’s T20 World Cup 2021, ICC Women’s T20 World Cup 2022, ICC Men’s Cricket World Cup 2023, ICC World Test Championship Final 2023, ICC Men’s T20 World Cup Qualifier 2019, ICC Men’s Cricket World Cup Qualifier 2022, ICC U19 Cricket World Cup 2020 and ICC U19 Cricket World Cup 2022.
Last year, Star India acquired digital and TV rights to live-stream and broadcast all of Indian cricket teams’ matches globally for a sum of $944 million.
Facebook’s Mohan, who served as the chief executive of Hotstar prior to joining the social juggernaut, added, “the future of AR and VR is being charted by Facebook and we are excited about the possibility of bringing the best of our innovations to fans around the world.”
Powered by WPeMatico
A recently revealed mobile malware campaign targeting Uyghur Muslims also ensnared a number of senior Tibetan officials and activists, according to new research.
Security researchers at the University of Toronto’s Citizen Lab say some of the Tibetan targets were sent specifically tailored malicious web links over WhatsApp, which, when opened, could have stealthily gained full access to their phone, installed spyware and silently stole private and sensitive information.
The exploits shared “technical overlaps” with a recently disclosed campaign targeting Uyghur Muslims, an oppressed minority in China’s Xinjiang state. Google last month disclosed the details of the campaign, which targeted iPhone users, but did not say who was targeted or who was behind the attack. Sources told TechCrunch that Beijing was to blame. Apple, which patched the vulnerabilities, later confirmed the exploits targeted Uyghurs.
Although Citizen Lab would not specify who was behind the latest round of attacks, the researchers said the same group targeting both Uyghurs and Tibetans also utilized Android exploits. Those exploits, recently disclosed and detailed by security firm Volexity, were used to steal text messages, contact lists and call logs, as well as watch and listen through the device’s camera and microphone.
It’s the latest move in a marked escalation of attacks on ethnic minority groups under surveillance and subjection by Beijing. China has long claimed rights to Tibet, but many Tibetans hold allegiance to the country’s spiritual leader, the Dalai Lama. Rights groups say China continues to oppress the Tibetan people, just as it does with Uyghurs.
A spokesperson for the Chinese consulate in New York did not return an email requesting comment, but China has long denied state-backed hacking efforts, despite a consistent stream of evidence to the contrary. Although China has recognized it has taken action against Uyghurs on the mainland, it instead categorizes its mass forced detentions of more than a million Chinese citizens as “re-education” efforts, a claim widely refuted by the west.
The hacking group, which Citizen Lab calls “Poison Carp,” uses the same exploits, spyware and infrastructure to target Tibetans as well as Uyghurs, including officials in the Dalai Lama’s office, parliamentarians and human rights groups.
Bill Marczak, a research fellow at Citizen Lab, said the campaign was a “major escalation” in efforts to access and sabotage these Tibetans groups.
In its new research out Tuesday and shared with TechCrunch, Citizen Lab said a number of Tibetan victims were targeted with malicious links sent in WhatsApp messages by individuals purporting to work for Amnesty International and The New York Times. The researchers obtained some of those WhatsApp messages from TibCERT, a Tibetan coalition for sharing threat intelligence, and found each message was designed to trick each target into clicking the link containing the exploit. The links were disguised using a link-shortening service, allowing the attackers to mask the full web address but also gain insight into how many people clicked on a link and when.
“The ruse was persuasive,” the researchers wrote. During a week-long period in November 2018, the targeted victims opened more than half of the attempted infections. Not all were infected, however; all of the targets were running non-vulnerable iPhone software.
One of the specific social engineering messages, pretending to be an Amnesty International aid worker, targeting Tibetan officials (Image: Citizen Lab/supplied)
The researchers said tapping on a malicious link targeting iPhones would trigger a chain of exploits designed to target a number of vulnerabilities, one after the other, in order to gain access to the underlying, typically off-limits, iPhone software.
The chain “ultimately executed a spyware payload designed to steal data from a range of applications and services,” said the report.
Once the exploitation had been achieved, a spyware implant would be installed, allowing the attackers to collect and send data to the attackers’ command and control server, including locations, contacts, call history, text messages and more. The implant also would exfiltrate data, like messages and content, from a hardcoded list of apps — most of which are popular with Asian users, like QQMail and Viber.
Apple had fixed the vulnerabilities months earlier (in July 2018); they were later confirmed as the same flaws found by Google earlier this month.
“Our customers’ data security is one of Apple’s highest priorities and we greatly value our collaboration with security researchers like Citizen Lab,” an Apple spokesperson told TechCrunch. “The iOS issue detailed in the report had already been discovered and patched by the security team at Apple. We always encourage customers to download the latest version of iOS for the best and most current security enhancements.”
Meanwhile, the researchers found that the Android-based attacks would detect which version of Chrome was running on the device and would serve a matching exploit. Those exploits had been disclosed and were “obviously copied” from previously released proof-of-concept code published by their finders on bug trackers, said Marczak. A successful exploitation would trick the device into opening Facebook’s in-app Chrome browser, which gives the spyware implant access to device data by taking advantage of Facebook’s vast number of device permissions.
The researchers said the code suggests the implant could be installed in a similar way using Facebook Messenger, and messaging apps WeChat and QQ, but failed to work in the researchers’ testing.
Once installed, the implant downloads plugins from the attacker’s server in order to collect contacts, messages, locations and access to the device’s camera and microphone.
When reached, Google did not comment. Facebook, which received Citizen Lab’s report on the exploit activity in November 2018, did not comment at the time of publication.
“From an adversary perspective what makes mobile an attractive spying target is obvious,” the researchers wrote. “It’s on mobile devices that we consolidate our online lives and for civil society that also means organizing and mobilizing social movements that a government may view as threatening.”
“A view inside a phone can give a view inside these movements,” they said.
The researchers also found another wave of links trying to trick a Tibetan parliamentarian into allowing a malicious app access to their Gmail account.
Citizen Lab said the threat from the mobile malware campaign was a “game changer.”
“These campaigns are the first documented cases of iOS exploits and spyware being used against these communities,” the researchers wrote. But attacks like Poison Carp show mobile threats “are not expected by the community,” as shown by the high click rates on the exploit links.
Gyatso Sither, TibCERT’s secretary, said the highly targeted nature of these attacks presents a “huge challenge” for the security of Tibetans.
“The only way to mitigate these threats is through collaborative sharing and awareness,” he said.
Powered by WPeMatico