I Spy Waled

This week Waled updated their main payload site again, this time pretending to offer software called “SMS Spy”.

[Image: Waled SMS Spy 1]

In March, Waled sites pretended to be Reuters reporting about an explosion, February saw them spoof the Couponizer site, and back in January they cloned Barack Obama’s blog. As before, this new theme is based on an existing website – what looks to be a commercial spyware product for phones:

[Image: Waled SMS Spy 2]

This original site (I hesitate to use the word “legitimate”) comes complete with disclaimers for those who might want to buy their product:

WARNING! Using surveillance devices, intercepting and/or recording audio conversations, without the consent of all the parties involved might be illegal in your country. Check local laws before using this software.

and

IMPORTANT: DISCLAIMER AND LEGALITY STATUS
It is the responsibility of the user of Wireflex to ascertain, and obey, all applicable laws in their country in regard to the use of Wireflex for “sneaky purposes”. If you are in doubt, consult your local attorney before using Wireflex. By downloading and installing Wireflex softwares, you represent that Wireflex will be used in only a lawful manner.
Logging other people’s SMS messages & other phone activity or installing Wireflex on another person’s phone without their knowledge can be considered as an illegal activity in your country.
Wireflex assumes no liability and is not responsible for any misuse or damage caused by our Wireflex. It’s final user’s responsibility to obey all laws in their country. By purchasing & downloading Wireflex, you hereby agree to the above.

But I’m here to talk about the Waled site, not this one.

As before, the Waled site authors have stolen graphics from the original site, though they’ve decluttered it significantly and even added a couple of graphics of their own, including a favicon. We detect the page itself as Mal/WaledJs-A, and the executable linked to from it as Mal/WaledPak-A.

The malware authors are aiming at a fundamentally different market this time: the targets aren’t people trying to find out breaking political or local news, nor those trying to save a buck in the current economic climate. Instead the intended victims are those who think that it might actually be a good idea to download and install software to spy on other people’s phones.

If the payload wasn’t quite so malicious, I’d be sure there was a moral in here somewhere.