According to company researchers, the mod includes spyware capable of setting up microphone recordings and pulling files from external storage.
Kaspersky researchers have discovered a new malicious spyware mod (unofficial app modification) for WhatsApp that is now spreading on another popular messaging service – Telegram. While the modification improves the user experience, it also clandestinely collects personal information from its victims. With a reach exceeding 340,000 infections in just one month, this malware primarily targets users communicating in Arabic and Azeri, although it has also affected victims worldwide.
Users often turn to third-party modifications of popular messaging apps to gain extra features. However, while improving functionality, some of these mods also carry hidden malware. Kaspersky has identified a new mod for WhatsApp that offers additions such as scheduled messages and customizable options but also contains a malicious spy module.
The manifest file of the modified WhatsApp client includes suspicious components (a service and a broadcast receiver) that are not present in the original version. The receiver starts the service, which launches the spy module when the phone is turned on or put on charge. Once activated, the malicious implant sends a request with device information to the attacker’s server. This data includes the IMEI, phone number, country, and network codes. It also transmits the victim’s contacts and account details every five minutes, and it can set up microphone recordings and pull files from external storage.
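The manifest difference described above can be checked by diffing the components a candidate build declares against those of the official app. The following Python is an added example, not code from Kaspersky or from the original article. It assumes both manifests are already decoded to text XML, that the "turned on or charged" trigger maps to the standard Android boot and power-connected broadcasts, and that all package and component names shown are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Standard Android broadcasts for boot and charger connection; assumed here to be
# the triggers behind "turned on or charged".
PERSISTENCE_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.ACTION_POWER_CONNECTED",
}
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android"><application>'
TAIL = "</application></manifest>"
# Constructed sample manifests; every component name is hypothetical.
OFFICIAL = HEAD + """
  <service android:name="com.example.messenger.SyncService"/>
  <receiver android:name="com.example.messenger.BootReceiver">
    <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
  </receiver>""" + TAIL
MODDED = OFFICIAL.replace(TAIL, """
  <service android:name="com.example.added.CollectorService"/>
  <receiver android:name="com.example.added.TriggerReceiver">
    <intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
      <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
    </intent-filter>
  </receiver>""" + TAIL)

def components(manifest_xml):
    """Map (tag, name) -> intent-filter actions for every service and receiver."""
    app = ET.fromstring(manifest_xml).find("application")
    found = {}
    for tag in ("service", "receiver"):
        for node in app.findall(tag):
            actions = {a.get(ANDROID + "name") for a in node.iter("action")}
            found[(tag, node.get(ANDROID + "name"))] = actions
    return found

def audit(official_xml, candidate_xml):
    """List components absent from the official build, with any persistence triggers."""
    baseline = components(official_xml)
    return [
        (tag, name, sorted(actions & PERSISTENCE_ACTIONS))
        for (tag, name), actions in sorted(components(candidate_xml).items())
        if (tag, name) not in baseline
    ]

if __name__ == "__main__":
    for tag, name, triggers in audit(OFFICIAL, MODDED):
        print(f"added {tag}: {name} triggers={triggers or 'none'}")
```

The official build's own boot receiver is not reported, because only components missing from the baseline are listed. When the manifest comes from an untrusted APK, parse it with a hardened XML parser such as defusedxml.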
This malicious version has spread through popular Telegram channels, mainly targeting Arabic and Azeri speakers, with some of these channels counting nearly two million subscribers. Kaspersky researchers alerted Telegram to the problem. Kaspersky telemetry identified more than 340,000 attacks involving this modification in October alone. This threat emerged relatively recently, becoming active in mid-August 2023.
Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt recorded the highest attack rates. Although the targeting is skewed towards Arabic- and Azeri-speaking users, the mod also affects people in the United States, Russia, the United Kingdom, Germany, and other countries.
Kaspersky products detect the Trojan with the following verdict: Trojan-Spy.AndroidOS.CanesSpy.
“People naturally trust apps from highly tracked sources, but it is this trust that scammers exploit. The spread of malicious modifications via popular third-party platforms highlights the importance of using official instant messaging apps. However, in case you need any additional features not found in the original app, it is advisable to use a reliable security solution before installing third-party software, as it will protect your data from being compromised. For strong personal data protection, always download apps from official stores or websites,” says Dmitry Kalinin, a security expert at Kaspersky.
To stay safe, Kaspersky experts recommend:
– Use official stores: Download apps and software from trusted and official sources. Avoid third-party app stores, as they are more likely to host malicious or compromised apps.
– Use reliable security software: Install and maintain reliable antivirus and antimalware software on your devices. Regularly scan your devices for potential threats and keep your security software current. Kaspersky Premium protects its users from known and unknown threats.
– Educate yourself about common scams: Stay informed about the latest cyber threats, techniques, and tactics. Be wary of unsolicited requests, suspicious offers, or urgent demands for personal or financial information.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise are constantly being transformed into innovative security solutions and services to protect businesses, critical infrastructure, governments, and consumers worldwide. The company’s comprehensive security portfolio includes leading endpoint protection, a range of specialized security solutions and services, and cyber immunity solutions to combat the most advanced and evolving digital threats. Kaspersky technologies protect over 400 million users, and we help 220,000 corporate customers protect what they value most. Learn more at https://latam.kaspersky.com