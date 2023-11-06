Unofficial and customized versions of the WhatsApp Android application, known as mods, have gained popularity among developers for their additional features. However, a recent discovery Kaspersky experts highlights the potential danger of using these non-official versions, as they can compromise your personal data.

Kaspersky researchers recently unearthed a spyware virus, named Trojan-Spy.AndroidOS.CanesSpy, embedded in the code of an unofficial WhatsApp mod for Android. This malicious version of WhatsApp, which was shared on Telegram as an APK file, attracts users with customizable options, including the ability to schedule message sending. Once installed on the victim’s phone, the app, which has been circulating on popular Telegram channels and various dubious websites since the summer, swiftly harvests all personal data.

According to Kaspersky, the spyware waits for the phone to be turned on or charging to activate the surveillance module. It then proceeds to collect the device’s unique IMEI number, phone number, contact list, and account details. Most alarmingly, the virus can clandestinely activate the smartphone’s microphone to eavesdrop on the user. Additionally, it has the capability to access files stored in the device’s memory.

Kaspersky reports that within a month, this malicious app attempted to steal data from approximately 340,000 individuals. However, it is highly likely that the actual number of installations exceeds the recorded number of attacks. The malware predominantly targets internet users worldwide, with a significant number of victims speaking Arabic or Azerbaijani (Azeri). Surprisingly, more than 1% of attacks have been localized in France.

“People naturally trust applications from well-known sources, but malicious actors exploit this trust. The spread of malicious mods through popular third-party platforms highlights the importance of using official instant messaging software,” explains Dmitry Kalinin, a security expert at Kaspersky. To avoid falling prey to cybercriminals, Kaspersky advises sticking to the official version of WhatsApp, available on the Google Play Store. The Russian cybersecurity firm strongly recommends against installing third-party software that lacks security guarantees. In essence, there is no way to know what a malicious developer may have inserted into the application’s code. Kaspersky further notes an increase in the number of instant messaging app mods containing malicious code.

Frequently Asked Questions

What are unofficial WhatsApp mods? Unofficial WhatsApp mods are versions of the Android application developed third-party developers. These mods offer additional features and customization options that are not available in the official WhatsApp version. Why are unofficial WhatsApp mods a risk? Unofficial WhatsApp mods are not vetted or approved the official WhatsApp developers. Therefore, there is a higher risk of these mods containing malicious code or spyware that can compromise your personal data. How can I protect myself from malicious WhatsApp mods? To protect yourself from malicious WhatsApp mods, it is recommended to only download and use the official WhatsApp version available on the Google Play Store. Avoid installing third-party software that does not have security guarantees. What should I do if I have already installed an unofficial WhatsApp mod? If you have already installed an unofficial WhatsApp mod, it is advisable to uninstall it immediately and scan your device for any potential malware. Consider resetting your device to factory settings to ensure complete removal of any malicious elements.

Source: Kaspersky