Cybersecurity: New malware ‘counts’ more than 340,000 attacks

Users often resort to third-party modifications of popular messaging apps to add additional features. However, some of these mods, while improving functionality, also come with hidden malware.

Kaspersky has discovered a new WhatsApp prototype that not only offers additional functionality such as scheduled messages and customizable options, but also contains a malicious spyware module.

The modified WhatsApp client file contains suspicious elements (service and broadcast receiver) that are not present in the original version. The receiver starts the service, and the spy module starts when the phone is on or charging. Once activated, the malicious implant sends a request with device information to the attacker’s server.

This data covers international mobile ID, phone number, country and network codes, and more. It also broadcasts the victim’s contacts and account details every five minutes, and has the ability to set up microphone recordings and transfer files from external storage.

The malicious version found its way through popular Telegram channels, mainly targeting Arabic speakers and Azerbaijanis, with some of these channels having nearly two million subscribers. Kaspersky researchers reported this issue to Telegram.

Kaspersky telemetry detected more than 340,000 attacks involving this mode in October alone. This threat appeared relatively recently and was activated in mid-August 2023.

Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt recorded the highest rates of attacks. While there is a clear preference for Arab and Azerbaijani users, people from the US, Russia, UK, Germany and beyond are also affected.

Kaspersky products detect the Trojan with the following sentence: Trojan-Spy.AndroidOS.CanesSpy.

How to stay safe

To stay safe, Kaspersky experts recommend the following:

• You are using official markets: Download applications and software from official and trusted sources. Avoid third-party app stores, as the risk of hosting malicious or hacked apps is higher.
• Use reliable security software: Install and maintain reliable anti-virus and anti-malware software on your devices. Regularly scan your devices for potential threats and keep your security software up to date.
• Learn about common scams: Stay up to date on the latest cyber threats, technologies and tactics. Be wary of unsolicited requests, suspicious offers, or urgent requests for personal or financial information.
• Third-party software from popular sources often comes without warranty. Please note that such applications may contain malicious implants, e.g. Due to supply chain attacks.

source: after that