Kaspersky detected over 340,000 attacks involving a new WhatsApp mod that hides spyware. This mod, discovered by Kaspersky researchers, has been spreading through Telegram, a popular messaging app.
It extends functionality but also secretly collects personal information. The attacks mostly focus on Arabic and Azeri speakers but have affected users globally.
Many users seek extra features from third-party mods for messaging apps. However, some of these mods carry hidden malware. Kaspersky found a WhatsApp mod that offers enhancements like scheduled messages and customization but includes a spyware module.
“People naturally trust apps from highly followed sources, but fraudsters exploit this trust,” said Dmitry Kalinin, security expert at Kaspersky.
The altered WhatsApp version has components in its manifest file that are absent in the original. One of these initiates a service, activating the spy module when the phone is powered on or charging. This malicious implant sends device information to the attacker’s server, including IMEI, phone number, country and network codes, contacts, and account details every five minutes. It can also record audio and steal files.

This malicious mod spread through popular Telegram channels, targeting Arabic and Azeri speakers, some channels having almost two million subscribers. Kaspersky informed Telegram about the issue. The attacks peaked in Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt. However, users worldwide, including those in the US, Russia, the UK, and Germany, were affected.
Kaspersky identifies this threat as Trojan-Spy.AndroidOS.CanesSpy. Kalinin emphasized the importance of using official messaging apps to avoid such threats. He advises considering a reliable security solution to protect personal data before installing third-party software for added features.
“For robust personal data protection, always download apps from official app stores or official websites,” Kalinin said.