A new malicious WhatsApp mod that also works on Telegram has been discovered by Kaspersky researchers. The mod claims to offer extra features for the popular messaging apps, but it also secretly collects personal data from the users. The malware has infected over 340,000 devices in just one month, mainly targeting users who speak Arabic and Azeri. The most affected countries are Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt.
WhatsApp mods are unofficial versions of the app that add some functionality that the original app does not have. However, some of these mods also contain hidden spyware that can compromise the user’s privacy and security. Kaspersky has detected a new WhatsApp mod that has a malicious spyware module that can steal information from the device.
The spyware module is activated by a service and a broadcast receiver that are not present in the original WhatsApp app. The receiver starts the service when the phone is turned on or plugged in. The service then sends a request to the attacker’s server with the device information, such as IMEI, phone number, country and network codes, and more. It also uploads the user’s contacts and account details every five minutes and can record audio from the microphone and access files from the external storage.
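A defender can look for the activation pattern described above by diffing a suspect build's decoded manifest against the official one; the following is an added example, not Kaspersky's code or anything taken from the malware. The manifests and every component name in it are constructed placeholders, and mapping "turned on or plugged in" to the standard Android actions `BOOT_COMPLETED` and `ACTION_POWER_CONNECTED` is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of "turned on or plugged in" to standard Android broadcast actions.
TRIGGERS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.ACTION_POWER_CONNECTED",
}

def components(manifest_xml):
    """Return {(tag, name): set_of_intent_actions} for services and receivers."""
    app = ET.fromstring(manifest_xml).find("application")
    found = {}
    for tag in ("service", "receiver"):
        for node in app.findall(tag):
            actions = {a.get(ANDROID + "name") for a in node.iter("action")}
            found[(tag, node.get(ANDROID + "name"))] = actions
    return found

def audit(official_xml, candidate_xml):
    """List components absent from the official manifest, with any trigger actions."""
    baseline = components(official_xml)
    report = []
    for (tag, name), actions in sorted(components(candidate_xml).items()):
        if (tag, name) not in baseline:
            report.append((tag, name, sorted(actions & TRIGGERS)))
    return report

# Constructed manifests; every component name below is a placeholder.
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
OFFICIAL = f"""<manifest {NS} package="com.example.messenger"><application>
  <service android:name="com.example.messenger.SyncService"/>
  <receiver android:name="com.example.messenger.PushReceiver"/>
</application></manifest>"""
MODDED = f"""<manifest {NS} package="com.example.messenger"><application>
  <service android:name="com.example.messenger.SyncService"/>
  <receiver android:name="com.example.messenger.PushReceiver"/>
  <service android:name="com.example.added.CollectorService"/>
  <receiver android:name="com.example.added.WakeReceiver"><intent-filter>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
    <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
  </intent-filter></receiver>
</application></manifest>"""

if __name__ == "__main__":
    for tag, name, triggers in audit(OFFICIAL, MODDED):
        print(f"extra {tag}: {name} triggers={triggers}")
```

An extra receiver that wakes on boot or charger events alongside an extra service is a reason to inspect the build further, not proof of spyware on its own.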
The malicious mod is distributed through Telegram channels, some of which have nearly two million subscribers. Kaspersky researchers have notified Telegram about the issue. The malware started to spread in mid-August 2023 and reached over 340,000 attacks in October. The majority of the victims are users who communicate in Arabic and Azeri, but the malware also affects users from other countries, such as the US, Russia, the UK, Germany, and others. Kaspersky products identify the Trojan as Trojan-Spy.AndroidOS.CanesSpy.
“People tend to trust apps from popular sources, but criminals exploit this trust. The distribution of malicious mods through third-party platforms shows the importance of using official IM clients. However, if you need some additional features that are not available in the original app, you should always use a reliable security solution before installing any third-party software, as it will protect your data from being stolen. For strong personal data protection, always download apps from official app stores or official websites,” says Dmitry Kalinin, a security expert at Kaspersky.
To stay safe, Kaspersky experts advise:
Use official marketplaces: Download apps and software only from reputable and official sources. Avoid third-party app stores, as they have a higher risk of hosting malicious or compromised apps.
Use reputable security software: Install and maintain trusted antivirus and anti-malware software on your devices. Scan your devices regularly for potential threats and keep your security software updated.