Business & Pleasure November 19, 2023 - 11:49 am

More than 340,000 attacks through new WhatsApp mod

According to company researchers, the mod includes spyware capable of setting up microphone recordings and pulling files from external storage.

Kaspersky researchers have discovered a new malicious spyware mod (unofficial app modification) for WhatsApp that is now spreading on another popular messaging service – Telegram. While the modification improves the user experience, it also clandestinely collects personal information from its victims. With a reach exceeding 340,000 infections in just one month, this malware primarily targets users communicating in Arabic and Azeri, although it has also affected victims worldwide.

Users often resort to third-party modifications for popular messaging apps to add additional features. However, while improving functionality, some changes also come with hidden malware. Kaspersky has identified a new mod for WhatsApp that offers additions such as scheduled messages and customizable options and contains a malicious spy module.

The modified WhatsApp client manifest file includes suspicious components (a service and a broadcast receiver) not present in the original version. The receiver starts a service, launching the spy module when the phone is turned on or charged. Once activated, the malicious implant sends a request with device information to the attacker’s server. This data includes the IMEI, phone number, country, and network codes. It also transmits the victim’s contacts and account details every five minutes, as well as being able to set up microphone recordings and pull files from external storage.

This malicious version has spread through popular Telegram channels, mainly targeting Arabic and Azeri speakers, with some of these channels counting nearly two million subscribers. Kaspersky researchers alerted Telegram to the problem. Kaspersky telemetry identified more than 340,000 attacks involving this modification in October alone. This threat emerged relatively recently, becoming active in mid-August 2023.

Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt recorded the highest attack rates. While the preference is skewed towards Arabic and Azeri-speaking users, it also affects people in the United States, Russia, the United Kingdom, Germany, and others.

Kaspersky products detect the Trojan with the following verdict: Trojan-Spy.AndroidOS.CanesSpy.

“People naturally trust apps from highly tracked sources, but it is this trust that scammers exploit. The spread of malicious modifications via popular third-party platforms highlights the importance of using official instant messaging apps. However, in case you need any additional features not found in the original app, it is advisable to use a reliable security solution before installing third-party software, as it will protect your data from being compromised. For strong personal data protection, always download apps from official stores or websites,” says Dmitry Kalinin, a security expert at Kaspersky.

To stay safe, Kaspersky experts recommend:

– Use official stores: download apps and software from trusted and official sources. Avoid third-party app stores, as the risk of hosting malicious or compromised apps is higher.

– Use reliable security software: Install and maintain reliable antivirus and antimalware software on your devices. Regularly scan your devices for potential threats and keep your security software current. Kaspersky Premium protects its users from known and unknown threats.

– Educate yourself about common scams: Stay informed about the latest cyber threats, techniques, and tactics. Be wary of unsolicited requests, suspicious offers, or urgent personal or financial information demands.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise are constantly being transformed into innovative security solutions and services to protect businesses, critical infrastructure, governments, and consumers worldwide. The company’s comprehensive security portfolio includes leading endpoint protection, a range of specialized security solutions and services, and cyber immunity solutions to combat the most advanced and evolving digital threats. Kaspersky technologies protect over 400 million users, and we help 220,000 corporate customers protect what they value most. Learn more at https://latam.kaspersky.com

For any additional information, contact +502 41211379 or email kasperskypr@techpr.guru.

COVID-19

November 19, 2024 - 4:44 pm

Danilo Díaz criticizes immigration policy following hospital incident in Santo Domingo

November 19, 2024 - 12:17 pm

CEMDOE promotes excellence in care with its 1st International Quality and Patient Safety Forum

November 18, 2024 - 1:52 pm

Haitian couple attacks medical staff at Darío Contreras Hospital

November 16, 2024 - 8:10 am

Surgeons review the most advanced techniques in operating rooms

MOST READ

Tourism

Super 8 hotels set to expand rapidly across Dominican Republic

Economy

Haiti ranks third in remittances to Dominican Republic

Health

Health Cabinet and Ministry affirm commitment to dialogue with Medical Association

Local

Pro Consumidor suspends Worldcoin Foundation for abusive contracts and data violations

MORE NEWS

Economy

Dominican Republic has exported more than 55 thousand pounds of larimar this year.

Local

Weakness in reading and mathematics still an obstacle for the Dominican Republic

Local

According to the Police, the homicide rate dropped significantly during the first two weeks of November.

Local

Dominican Repulic needs more investment in tourism to maintain competition in the sector