محفوظ في:
| المؤلفون الرئيسيون: | , |
|---|---|
| التنسيق: | Recurso digital |
| اللغة: | الإنجليزية |
| منشور في: |
Zenodo
2026
|
| الوصول للمادة أونلاين: | https://doi.org/10.5281/zenodo.18916943 |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
جدول المحتويات:
- <p>OMEGA INFINITY 3 is the third iteration in a documented series of forensic observations demonstrating systematic compromise of WhatsApp's official software distribution infrastructure. Whereas OMEGA INFINITY 1 established the cryptographic impossibility of two distinct binaries sharing valid Microsoft digital signatures (implying SHA-2/SHA-3 hash collision or PKI compromise), and OMEGA INFINITY 2 extended those findings to include autonomous zero-click binary delivery, impossible PE future timestamps (2054--2072), and confirmation that the official whatsapp.com/download endpoint serves binaries originating from the same compromised build pipeline---OMEGA INFINITY 3 takes a deliberate, methodology-driven approach: the researcher intentionally downloaded the official installer to generate unambiguous sandbox evidence.</p> <p>The resulting file, WhatsApp Installer (6).exe (SHA-256:<br>bb2aff493d76602afe402f40f810afb329c380f2c7de3bc1b86d06c6be6a159e), was submitted to both Recorded Future's Tria.ge sandbox and VirusTotal on 2026-03-03. Sandbox analysis returned a threat score of 8/10 (Likely Malicious), with simultaneous behavioral classifications spanning ransomware, spyware, adware, persistence, and discovery—the highest combined threat profile observed across the entire OMEGA INFINITY series. VirusTotal confirmed a valid Microsoft Authenticode signature (signer: Microsoft Corporation, via Microsoft Marketplace CA G 023 → Microsoft Root Certificate Authority 2011) and revealed a PE Compilation Timestamp of 2088-10-04 08:12:24 UTC—62 years in the future—continuing and escalating the impossible future timestamp pattern established in OMEGA INFINITY 1 (2097) and OMEGA INFINITY 2 (2054/2072). The binary's internal name is StoreInstaller.exe ("Store Installer" by Microsoft Corporation), file version 22602.213.1.0, compiled as a .NET PE32 assembly (CLR WindowsRuntime 1.4, assembly Microsoft.Services.Store.winmd).</p>