In a startling revelation, a non-official or ‘mod’ modification of the popular messaging application WhatsApp has been found to infect over 340,000 devices in just one month, with its primary objective being the theft of victim’s phone data, including microphone recordings and external storage files.
This dubious ‘mod’ is being distributed through Telegram, promising to enhance user experience within the Meta-owned application but, unbeknownst to its users, clandestinely gathering personal information, according to cybersecurity company Kaspersky.
Throughout the month of October alone, this malicious ‘mod’ was responsible for more than 340,000 infections, as per Telegram’s telemetry data. Dmitry Kalinin, an expert in cybersecurity at Kaspersky, emphasized the risks of propagating malicious modifications through popular third-party platforms, stating, “The spread of malicious modifications via popular third-party platforms underscores the importance of using official instant messaging apps.”
Kalinin further highlighted the importance of using trusted security solutions before installing third-party software and advised that for the protection of personal data, downloads should only be carried out from official app stores and websites.
This particular ‘mod’ contains a malicious spy module that activates when the victim’s phone is turned on or charged. Once activated, it transmits data, including the IMEI, phone number, country and network codes, contacts, and victim’s account details every five minutes. Additionally, it can initiate microphone recordings and extract files from external storage.
The threat became active in mid-August 2023 and is primarily targeting Arabic and Azerbaijani speakers in countries like Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt. However, attacks have also been reported worldwide, including in the United States, Russia, the United Kingdom, and Germany.
This alarming revelation serves as a reminder of the importance of using official messaging applications and exercising caution when downloading third-party software to protect personal data and security.