|
Kaspersky reports more than 340,000 attacks with new malicious WhatsApp mod
Friday, November 10, 2023
WOBURN, Mass., Nov. 2, 2023 /PRNewswire/ -- Kaspersky researchers have uncovered a new malicious WhatsApp spy mod proliferating within another popular messenger, Telegram. While the modification serves its intended purpose by enhancing user experience, it also clandestinely harvests personal information from its victims. With an extensive reach surpassing 340,000 downloads in just one month, this malware predominantly targets users who communicate in Arabic and Azeri, though victims have been identified globally.
Users often turn to third-party mods for popular messaging apps to add extra features. However, some of these mods, while enhancing functionality, also come with hidden malware. Kaspersky has identified a new WhatsApp mod offering not only additions, like scheduled messages and customizable options, but also a malicious spyware module.
The modified WhatsApp client's manifest file includes suspicious components (a service and a broadcast receiver) not present in the original version. The receiver initiates a service, launching the spy module when the phone is powered on or charging. Once activated, the malicious implant sends a request with device information to the attacker's server. This data covers IMEI, phone number, country and network codes, and more. It also transmits the victim's contacts and account details every five minutes, can set up microphone recordings and can exfiltrate files from external storage.
The malicious version found its way through popular Telegram channels, predominantly targeting Arabic and Azeri speakers, with some of these channels boasting nearly two million subscribers. Kaspersky's telemetry identified over 340,000 attacks involving this mod in October alone. This threat emerged relatively recently, becoming active in mid-August 2023. Kaspersky researchers alerted Telegram to the issue.
Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt witnessed the highest attack rates. While the preference leans towards Arabic and Azerbaijani-speaking users, the malware has also impacted individuals from the US, UK, Germany, Russia and elsewhere.
Kaspersky products detect the Trojan with the following verdict: Trojan-Spy.AndroidOS.CanesSpy.
"People naturally trust apps from highly followed sources, but fraudsters exploit this trust," said Dmitry Kalinin, security expert at Kaspersky. "The spread of malicious mods through popular third-party platforms highlights the importance of using official IM clients. However, if you need some extra features not presented in the original client, you should consider employing a reputable security solution before installing third-party software, as it will protect your data from being compromised. For robust personal data protection, always download apps from official app stores or official websites."
Additional information is available on Securelist.
To stay safe, Kaspersky experts recommend:
-- Use Official Marketplaces: Download apps and software from reputable and
official sources. Avoid third-party app stores, as the risk that they
may host malicious or compromised apps is higher.
-- Use reputable security software: Install and maintain reputable
antivirus and anti-malware software on your devices. Regularly scan your
devices for potential threats and keep your security software up to
date. Kaspersky Premium protects its users from known and unknown
threats.
-- Educate yourself about common scams: Stay informed about the latest
cyber threats, techniques, and tactics. Be cautious of unsolicited
requests, suspicious offers, or urgent demands for personal or financial
information.
-- Third-party software from popular sources often comes with zero
warranty. Keep in mind that such apps can contain malicious implants, e.
g. because of supply chain attacks.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company's comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
View original content to download multimedia:https://www.prnewswire.com/news-releases/kaspersky-reports-more-than-340-000-attacks-with-new-malicious-whatsapp-mod-301976192.html
SOURCE Kaspersky
|
|
|
|
|
|
 |
Energy Toolbase Launches Energy Storage Partnership with Sungrow to Support PowerStack 255CS and PowerTitan 2.0 | Jan 22, 2026
|
|
RS now offers Phoenix Contact's pioneering new NearFi technology | Jan 22, 2026
|
|
SCAILIUM Debuts "AI Production Layer" to Overcome GPU Starvation and Slash AI Energy Waste | Jan 22, 2026
|
|
Einride and IonQ Partnership Uses Quantum Computing to Optimize the Logistics of Electric and Autonomous Freight | Jan 22, 2026
|
|
MetaOptics to Showcase Five Breakthrough Metalens-Powered Products at CES 2026 | Jan 22, 2026
|
|
Quantum Art Raises $100 Million in Series A Round to Drive Scalable, Multi-Core Quantum Computing | Jan 22, 2026
|
|
No Assembly Required: Barrett Distribution Centers Powers Maxwood Furniture's West Coast DTC Expansion | Jan 22, 2026
|
|
Hesai Recognized as the Only Lidar Company on Morgan Stanley's "Humanoid Tech 25" of Global Robotics Leaders | Jan 22, 2026
|
|
Fresco Raises EUR15m Series C to Power the Future of AI-Driven Cooking and the Connected Kitchen Ecosystem | Jan 22, 2026
|
|
Cellid and Jig.jp Jointly Develop AR Glasses | Jan 22, 2026
|
|
|
|
