Since August this year, people in the Middle East have been lured into using a trojanized version of the popular software.
A malicious modified version of WhatsApp messenger predominantly targeting Arabic and Azeri speakers has been distributed on popular Telegram channels that have nearly two million subscribers.
To attract downloaders, cybercriminals touted the modified WhatsApp version’s additional features such as more customization options and scheduled messaging. However, the real additional feature invisible to the users is the installation of two modules: a service and a broadcast receiver.
When the host device is turned on or put in charging mode, the receiver module initiates a service to launch the spy module, which once activated, sends a request with device information to the attackers’ server. The device data includes IMEI, phone number, country and network codes, in addition to other sensitive information. The malware also transmits the victim’s contacts and account details every five minutes, and also sets up microphone recordings and exfiltrate files from external storage.
According to the Kaspersky researchers who discovered around 340,000 attacks involving this mod in October alone, Telegram has been informed of the malware, which seemed to have started operation in mid-August 2023.
The highest attack rates were noted in Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt users. While Arabic and Azerbaijani-speaking users were the targets, the malware had also affected individuals from the US, Russia, UK, Germany and beyond.
Said Kaspersky security expert Dmitry Kalinin: “People naturally trust apps from highly-followed sources, but fraudsters exploit this trust. The spread of malicious mods through popular third-party platforms highlights the importance of using official instant messaging clients. For robust personal data protection, always download apps from official app stores or official websites.”
Readers are reminded to avoid downloading modified versions of commercial software hosted on any platform other than their phone platform’s official app download store. Additional security software on the phone can prove useful in detecting malware that manages to creep into the smart device.