Italian digital rights researchers have uncovered Morpheus, a government spyware that disguises itself as a mobile update. The infection technique is as twisted as it is effective: phone operators block the victim's mobile data and send an SMS with a fake app to restore service. Once installed, the malware abuses Android's accessibility permissions to read the screen and steal data.
How Morpheus's technical deception works on Android 🕵️
Once installed, the fake app requests accessibility permissions that allow the spyware to read the screen and interact with other applications. The theft of WhatsApp is an example of its operation: it displays a fake screen asking for a fingerprint, and when touched, the user unknowingly authorizes the addition of a new device. This gives the attacker full access to the account. Morpheus does not use zero-click exploits, but relies on deception, classifying it as low-cost spyware.
The low-cost virus that asks for your fingerprint to empty your WhatsApp 🔓
The best part is that this low-cost spyware doesn't need to be a technical marvel: it just convinces you that your phone needs an urgent update and, incidentally, asks for your fingerprint to authorize a new device on your WhatsApp. It's like a thief asking for your house keys to fix your lock, and you gladly hand them over. In the end, the Italian company IPS has been in legal interception for 30 years, but it seems they've learned that simple deception works better than any exploit.