Kaspersky says new WhatsApp mod stealing personal info involved in over 340,000 attacks
Kaspersky has red-flagged a modified version of WhatsApp which has been involved in over 340,000 attacks in October alone. This version offers many additions over the standard version, including scheduled messages and customisable options.
“The modified WhatsApp client’s manifest file includes suspicious components (a service and a broadcast receiver) not present in the original version. The receiver initiates a service, launching the spy module when the phone is powered on or charging,” the cybersecurity firm explained.
Once activated, the malicious component sends a request with device information to the attacker’s server. This data covers IMEI, phone number, country and network codes, and more. It also transmits the victim’s contacts and account details every five minutes, can set up microphone recordings and can exfiltrate files from external storage, Kaspersky said.
The malicious version of the instant messaging platform found its way to the users through popular Telegram channels, predominantly targeting Arabic and Azeri speakers, with some of these channels boasting nearly two million subscribers.
Kaspersky said it identified over 340,000 attacks involving this mod in October alone. This threat emerged relatively recently, becoming active in mid-August 2023. Notably, the malicious WhatsApp mod was downloaded over 340,000 times in just one month.
It added the Kaspersky researchers have alerted Telegram to the issue.
“People naturally trust apps from highly followed sources, but fraudsters exploit this trust,” said Dmitry Kalinin, security expert at Kaspersky. “The spread of malicious mods through popular third-party platforms highlights the importance of using official IM clients. However, if you need some extra features not presented in the original client, you should consider employing a reputable security solution before installing third-party software.”
For robust personal data protection, the cybersecurity firm has recommended always downloading apps from official app stores or official websites.