Mod applications (intervened to tweak features and interfaces) are quite popular on the Android platform because users are allowed to install software outside the Play Store on their devices. Among them, OTT software mods such as WhatsApp and Telegram are used quite a lot because they bring new experiences to users. However, hackers have begun to take advantage of this program to secretly attack users.
A recent report by Kaspersky Security Research found that over 340,000 attacks were detected against the WhatsApp mod alone in just one month. The hackers targeted the mod on a global scale. According to experts, the mod not only offers features such as message scheduling and customization options, but also contains a malicious spyware module.
The WhatsApp mod circulating may contain spyware.
Specifically, the feature mod has many added elements that were not in the original version released by the development team. Once installed on the victim's device, a signal receiver will start the suspicious service and activate the spy module, sending requests with information about the device to the attacker-controlled server.
This data includes international mobile equipment identity (IMEI) numbers, phone numbers, country codes, and telecommunications network codes… In addition, every 5 minutes, the program transmits the victim's contact and account details, even setting up microphone recordings and extracting files from external memory to send.
To spread faster, this version was planted in information sharing channels between user groups on Telegram, including channels with millions of subscribers. The attack began to break out in mid-August and Telegram received a warning about the problem.
“ People trust apps from popular sources, but scammers take advantage of that trust,” said Dmitry Kalinin, security expert at Kaspersky. “The spread of malicious mods through popular third-party platforms shows the importance of using officially released apps. If you need some additional features that are not available in the original app, you should consider using a reputable security solution before installing unfamiliar software to protect your data from being compromised. It is best to always download apps from official app stores or websites. ”
In addition, users are also advised not to ignore security patch updates from the device manufacturer (released monthly or quarterly), regularly update the software on the device... In case the device shows unusual signs, users can refer to how to detect and handle the situation here.
Khanh Linh
Source
Comment (0)