WhatsApp mods, beware of trojans: here is Kaspersky's discovery

Relying on mods for Android apps can often prove very dangerous. Changes made to certain apps by third-party developers are, in fact, not always completely disinterested.

Confirming this is a recent finding by Kaspersky, which made a disturbing discovery while analyzing WhatsApp mods. Some of them appear to contain a malicious agent called Trojan-Spy.AndroidOS.CanesSpy.

According to a notice published by security experts today, the spy module works using suspicious components, with receiving and sending services that appear to have nothing to do with the official version of WhatsApp.

These components listen for various system and application events, such as phone charging, text messages, and file downloads. Once triggered, the receiver launches the spy module, usually when the phone is turned on or starts charging.
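One way a defender could look for the extra components described above, as an added example that is not taken from Kaspersky's report or from this article: compare the services and receivers declared in a mod's manifest against the official app's and list what only the mod declares. It assumes both manifests have already been decoded to text XML; the mapping of the article's events to Android broadcast actions is an assumption, and all package and class names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the events the article names to standard Android broadcast actions.
WATCHED = {
    "android.intent.action.BOOT_COMPLETED": "phone turned on",
    "android.intent.action.ACTION_POWER_CONNECTED": "charging started",
    "android.provider.Telephony.SMS_RECEIVED": "text message received",
    "android.intent.action.DOWNLOAD_COMPLETE": "file download finished",
}

def components(manifest_xml):
    """Map each declared (kind, name) service/receiver to the actions it filters on."""
    root = ET.fromstring(manifest_xml)
    found = {}
    for kind in ("service", "receiver"):
        for node in root.iter(kind):
            actions = {a.get(ANDROID + "name") for a in node.iter("action")}
            found[(kind, node.get(ANDROID + "name", ""))] = actions
    return found

def extra_components(official_xml, mod_xml):
    """List components only the mod declares, with the watched events each subscribes to."""
    official = components(official_xml)
    report = []
    for (kind, name), actions in sorted(components(mod_xml).items()):
        if (kind, name) not in official:
            events = sorted(WATCHED[a] for a in actions if a in WATCHED)
            report.append((kind, name, events))
    return report

# Constructed sample manifests; every package and class name here is hypothetical.
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android"><application>'
TAIL = "</application></manifest>"
PUSH = ('<receiver android:name="com.example.messenger.PushReceiver"><intent-filter>'
        '<action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter></receiver>')
ADDED = ('<receiver android:name="com.example.added.EventReceiver"><intent-filter>'
         '<action android:name="android.intent.action.BOOT_COMPLETED"/>'
         '<action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>'
         '<action android:name="android.provider.Telephony.SMS_RECEIVED"/>'
         '</intent-filter></receiver><service android:name="com.example.added.SyncService"/>')
OFFICIAL = HEAD + PUSH + TAIL
MOD = HEAD + PUSH + ADDED + TAIL

if __name__ == "__main__":
    for kind, name, events in extra_components(OFFICIAL, MOD):
        print(kind, name, events or "no watched events")
```

A component that appears only in the mod is a lead for closer inspection, not proof of infection on its own.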

The malicious system then transmits crucial information from the device to a command and control (C2) server, including:

  • IMEI
  • Telephone number
  • Mobile country code
  • Mobile network code

and more.

Furthermore, these WhatsApp mods tend to upload data on the victim's contacts and accounts to the remote server every five minutes. The spy module continuously monitors the C2 server’s instructions, called “orders,” and executes them at preconfigured intervals.

WhatsApp spy mod: 340,000 attacks identified in less than a month

The analysis carried out by the experts identified some messages sent by the server that appear to be in Arabic. This could be a clue as to where the cybercriminals behind this operation come from. The main distribution vector for the spy mods has been identified as Telegram channels that are quite popular in the industry.

Kaspersky claimed that between October 5 and 31 alone, over 340,000 attacks related to this WhatsApp mod were recorded in more than a hundred countries, with high numbers of attacks recorded in countries such as Azerbaijan, Saudi Arabia, Yemen, Turkey and Egypt.

Dmitry Kalinin, security researcher at Kaspersky, commented on the matter: “To avoid losing your personal data, we recommend using only official instant messaging clients”. He then added: “If you need extra features, we recommend using a reliable security solution that can detect and block malware if the mod you chose turns out to be infected”.
