iWorld
MPL announces Bug Bounty programme; aims to bolster the player-first approach to enhance user security
Mumbai: Mobile and skill gaming platform MPL has launched a Bug Bounty programme with the aim of strengthening the security of the users and continuing to provide a safe and fair gameplay environment. The programme will reward security researchers with up to Rs 10 lakhs for successfully identifying a valid vulnerability on MPL. This is open to researchers globally, and reports that address valid security vulnerabilities that are within the scope of the programme will be eligible for the rewards and recognition.
With the Bug Bounty programme, MPL will not just focus on identifying security vulnerabilities but will also make targeted efforts to devise a timely resolution to tackle them.
This initiative is aligned to the company’s player-first approach that considers the safety and security of the users as its topmost priority.
Interestingly, the MPL Bug Bounty programme does not restrict its scope to just identifying security loopholes but also allows researchers to report any possibility of fraud that could give a player an unfair advantage. The programme encourages reports on instances that can enable a player to compromise with the gameplay or the outcomes, like winning a game without playing, altering the gameplay, or even posting outrageous scores. Along with this, reporting of any vulnerability that can target the users on the platform, like taking over user accounts or dumping user data, also falls within the scope of the program.
MPL VP of security and compliance Ruchir Patwa said, “At MPL we are always committed to the player-first approach and the Bug Bounty programme has been launched to continue our efforts towards enhancing the user security and safe playing experience on our platform. With this, we also intend to reward and recognise some of the good samaritans of the gaming fraternity. We look forward to some great collaborations with researchers across the globe and will continue to create the best gaming experiences for all our users.”
MPL will also recognise the contributions of the researchers who have submitted the most insightful reports by featuring them in the Bug Bounty Hall of Fame page.
iWorld
Meta warns 200 users after fake Whatsapp spyware attack
Italy-targeted campaign used unofficial app to deploy surveillance spyware.
MUMBAI: It looked like a message, but it behaved like a mole. Meta has warned around 200 users most of them in Italy after uncovering a targeted spyware campaign that weaponised a fake version of WhatsApp to infiltrate devices. The attack, first reported by Agenzia Nazionale Stampa Associata, relied on classic social engineering with a modern twist: persuading users to download an unofficial WhatsApp clone embedded with surveillance software. The malicious application, believed to be developed by Italian firm SIO through its subsidiary ASIGINT, was designed to mimic the real app closely enough to bypass suspicion.
Meta’s security teams identified roughly 200 individuals who may have installed the compromised version, triggering immediate countermeasures. Affected users were logged out of their accounts and issued alerts warning of potential privacy breaches, with the company describing the incident as a “targeted social engineering attempt” aimed at gaining device-level access.
The malicious app was not distributed via official app stores but circulated through third-party channels, where it was presented as a legitimate WhatsApp alternative. Once installed, it reportedly allowed external operators to access sensitive data stored on the device turning a simple download into a potential surveillance gateway.
According to Techcrunch, Meta is now preparing legal action against the spyware developers to curb further misuse. The company, however, has not disclosed details about the specific individuals targeted or the extent of data compromised.
A Whatsapp spokesperson reiterated that user safety remains the top priority, particularly for those misled into installing the fake iOS application. Meanwhile, reports from La Repubblica suggest the spyware may be linked to “Spyrtacus”, a strain previously associated with Android-based attacks that could intercept calls, activate microphones and even access cameras.
The episode underscores a growing reality in the digital age, the threat is no longer just what you download, but where you download it from. As unofficial apps become increasingly convincing, the line between communication tool and covert surveillance is getting harder to spot and far easier to exploit.
