TBF, no-one's as-yet found a Meta binary doing this.

you mean things like having a localhost server running on android service to bypass tracking restrictions and run all of your stuff illegally?

Well, yes, they have been found to bypass tracking restrictions, most recently using Local Mess (https://localmess.github.io/), but they haven't been found exfiltrating WhatsApp private keys or messages in plaintext. And people are looking for this specifically.