Kaspersky has discovered a new malicious spy mod in WhatsApp, which is being widely shared in the messaging app Telegram. Although the purpose of the modification is to improve the experience, this application is secretly collecting personal information.
Users often use third-party mods to add additional features to popular messaging apps. While these mods enhance functionality, they also come with potential malware. Kaspersky has discovered a new WhatsApp mod that not only offers features like message scheduling and customization options but also contains a malicious spyware module.
After the WhatsApp client manifest was tweaked, suspicious components (services and broadcast receivers) that were not present in the original version appeared. When the phone is powered on and in charging mode, the receiver starts the service and activates the spy module. Accordingly, the malicious implant will send a request with device information to the attacker’s server. This data includes international mobile equipment identifiers (IMEI), phone numbers, country codes, and network codes In addition, every 5 minutes they transmit detailed contact and account information. of the victim as well as being able to set up microphone recordings and extract files from external storage.
The malicious version found its way through popular channels on Telegram, some of which have up to two million subscribers. Kaspersky researchers have alerted Telegram about this issue. In October alone, Kaspersky’s telemetry system detected more than 340,000 attacks related to this mod. This threat appeared recently and became active in mid-August 2023.
Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt are the countries with the highest attack rates. Although the attack trend is skewed towards Arabic and Azerbaijani-speaking users, it also affects individuals from the US, Russia, UK, Germany
Dmitry Kalinin, a security expert at Kaspersky shared: “People often trust applications from sources that are followed by many people, but scammers will take advantage of users’ trust. The spread of Malicious mods through popular third-party platforms emphasizes the importance of using an official instant messaging (IM) client. However, if you need some additional features that are not available in the initial client, you should consider using a reputable security solution before installing third-party software, as the software will protect data from compromise. To protect personal data to be sure, always download apps from app stores or official websites”.
