Cyber Security

Over 340K Attacks w/ New Malicious WhatsApp Mod, reports Kaspersky

180
(source: Kaspersky)

Kaspersky researchers recently uncovered a new malicious WhatsApp spy mod, now proliferating within another popular messenger, Telegram. 

While the modification serves its intended purpose by extending user experience, it also clandestinely harvests personal information from its victims. With an extensive reach surpassing 340,000 in just one month, this malware predominantly targets users who communicate in Arabic and Azeri, though victims have been identified globally.

The modified WhatsApp client’s manifest file includes suspicious components (a service and a broadcast receiver) not present in the original version. The receiver initiates a service, launching the spy module when the phone is powered on or charging. Once activated, the malicious implant sends a request with device information to the attacker’s server. This data covers IMEI, phone number, country and network codes, and more. It also transmits the victim’s contacts and account details every five minutes and can set up microphone recordings and exfiltrate files from external storage.

Examples of Telegram channels distributing malicious mods (source: Kaspersky)

The malicious version found its way through popular Telegram channels, predominantly targeting Arabic and Azeri speakers, with some of these channels boasting nearly two million subscribers. Kaspersky researchers alerted Telegram about the issue. Kaspersky’s telemetry identified over 340,000 attacks involving this mod in just October. This threat emerged relatively recently, becoming active in mid-August 2023.

Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt witnessed the highest attack rates. While the preference leans towards Arabic and Azerbaijani-speaking users, it also impacts individuals from the US, Russia, the UK, Germany, and beyond. 

Kaspersky products detect the Trojan with the following verdict: Trojan-Spy.AndroidOS.CanesSpy.

To stay safe, Kaspersky experts recommend: 

  • Use Official Marketplaces: Download apps and software from reputable and official sources. Avoid third-party app stores, as the risk that may host malicious or compromised apps is higher.
  • Use reputable security software: Install and maintain reputable antivirus and anti-malware software on your devices. Regularly scan your devices for potential threats and keep your security software up to date. Kaspersky Premium protects its users from known and unknown threats. 
  • Educate yourself about common scams: Stay informed about the latest cyber threats, techniques, and tactics. Be cautious of unsolicited requests, suspicious offers, or urgent personal or financial information demands. 
  • Third-party software from popular sources often comes with zero warranty. Keep in mind that such apps can contain malicious implants, e.g., because of supply chain attacks.

“If you need some extra features not presented in the original client, you should consider employing a reputable security solution before installing third-party software, as it will protect your data from being compromised. For robust personal data protection, always download apps from official app stores or official websites,” shared Dmitry Kalinin, security expert at Kaspersky.

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Daddy’s Day Out is a platform that celebrates modern masculinity and offers a space where men can unite, learn, and grow together. It fosters a community where authenticity, support, and self-expression thrive unapologetically.

Related Articles

Kaspersky Cybersecurity Products Dominate 2024 Performance Rankings

Kaspersky continues to set the standard for excellence in cybersecurity. Throughout all...

Filipinos Must Stay Alert Amid Holiday Cybercrime Surge, Advises Kaspersky

As the holiday season approaches, many Filipinos are shopping online, exchanging gifts,...

Kaspersky Named Leader for its Managed Security Services and Incident Response

Kaspersky has been recognized as a technology leader in the 2024 Quadrant...

Businesses in Southeast Asia Face Over 23 Million Bruteforce Attacks in 2024, Reports Kaspersky

Kaspersky reported a massive record of over 23M bruteforce attacks targeting businesses...