Hackers compromise messaging app Viber’s App Store listing

viber_app_store_compromised

 

After targeting the website of popular messaging app Viber earlier this week, hackers seem to have compromised app’s listing on the App Store as well.

The Description and What’s New section of Viber 3.0 on the App Store has been modified to to read “We created this app to spy on you, PLEASE DOWNLOAD IT!”, as first reported by 9to5mac. The compromised listing was still live in the App Store at the time of filing this report. It’s not clear if the damage is limited to app’s description only, or if the app itself has been compromised in some way as well.

It’s not clear at this point if this latest attack is the work of the same group that compromised Viber’s website earlier this week. On Tuesday, reports emerged that Syrian Electronic Army had defaced Viber’s support forum and placed the following message:

Dear All Viber Users,

The Israeli-based “Viber” is spying and tracking you

We weren’t able to hack all Viber systems, but most of it is designed for spying and tracking

Screenshot of a hacked system: [screenshot]
Viber later responded that one of its employee’s fell victim to a phishing attach and attackers could gain access to customer support panel and support administration system, insisting that no sensitive user data was exposed. Here’s Viber’s statement in full:

Today the Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.

It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.

We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.

Leave a Reply