Users often use third-party mods to add additional features to popular messaging apps. While these mods enhance functionality, they also come with potential malware. Kaspersky has discovered a new WhatsApp mod that not only offers features like message scheduling and customization options, but also contains a malicious spyware module.
Users need to be careful when installing applications from unknown sources.
After the modified WhatsApp client manifest, suspicious components (services and broadcast receivers) that were not present in the original version appeared. When the phone was powered on and in charging mode, the receiver started the service and activated the spy module. Accordingly, the malicious implant sent a request with device information to the attacker's server. This data included the International Mobile Equipment Identity (IMEI), phone number, country code, and network code. In addition, every 5 minutes they transmitted the victim's contact and account details, and were also able to set up microphone recordings and extract files from external storage.
The malicious version found its way through popular Telegram channels, some of which have up to two million subscribers. Kaspersky researchers alerted Telegram to the issue. In October alone, Kaspersky’s telemetry systems detected more than 340,000 attacks involving the mod. The threat emerged recently and began operating in mid-August 2023.
Azerbaijan, Saudi Arabia, Yemen, Türkiye, and Egypt were the countries with the highest attack rates. Although the attack trend was skewed towards Arabic and Azerbaijani speaking users, it also affected individuals from the US, Russia, UK, Germany, etc.
“People often trust applications from popular sources, but scammers take advantage of this trust,” said Dmitry Kalinin, security expert at Kaspersky. “The spread of malicious mods through popular third-party platforms emphasizes the importance of using official instant messaging (IM) clients. However, if you need some additional features that are not available in the original client, you should consider using a reputable security solution before installing third-party software, as it will protect your data from being compromised. To be sure of protecting your personal data, always download applications from official app stores or websites.”
Source link
Comment (0)