Date: 2023-11-06

WhatsApp, one of the most popular messaging apps in the world, has seen its fair share of security concerns over the years. Recently, a new threat has emerged in the form of trojanized versions of WhatsApp mods for Android. These modified versions of the app have been used by threat actors to facilitate the deployment of spyware.

Unlike the original WhatsApp client, these trojanized versions include additional features that enable spyware activation upon turning on or charging the Android devices where they are installed. This allows threat actors to gain access to sensitive data stored on these devices.
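
A defender-side triage check for the trigger described above, as an added example that is not from the original article or from Kaspersky's analysis: it scans a decoded AndroidManifest.xml for broadcast receivers registered for the standard boot-completed and power-connected broadcasts and reports those absent from a baseline taken from the official client. The sample manifest, the package and class names, and the baseline set are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"  # the android:name attribute
# Standard Android broadcast actions matching the two triggers the article names.
TRIGGERS = {
    "android.intent.action.BOOT_COMPLETED": "device turned on",
    "android.intent.action.ACTION_POWER_CONNECTED": "charger connected",
}

# Constructed sample manifest in decoded text form; all names are made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.messenger.mod">
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name="com.example.hidden.StartReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def find_trigger_receivers(manifest_xml, baseline_receivers=frozenset()):
    """Return [(receiver, [triggers])] for boot/charging receivers not in the baseline."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for receiver in root.iter("receiver"):
        name = receiver.get(NAME, "")
        if name.startswith("."):          # ".Foo" is shorthand for package + ".Foo"
            name = package + name
        elif "." not in name:             # bare "Foo" also resolves against the package
            name = f"{package}.{name}"
        actions = {a.get(NAME) for a in receiver.iter("action")}
        hits = sorted(TRIGGERS[a] for a in actions if a in TRIGGERS)
        if hits and name not in baseline_receivers:
            findings.append((name, hits))
    return findings

if __name__ == "__main__":
    # Assumption: the analyst lists receivers found in the official client's manifest.
    baseline = {"com.example.messenger.mod.BootReceiver"}
    for name, hits in find_trigger_receivers(SAMPLE_MANIFEST, baseline):
        print(f"{name}: starts on {', '.join(hits)}")
```

Legitimate apps also register for these broadcasts, so a hit is a lead for manual review of the receiver's code, not a verdict.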

Once connected to a command-and-control server, the spyware, known as CanesSpy, gathers a significant amount of information from the infected devices. This includes device information such as IMEI, mobile number, and country code, as well as contacts, accounts, and external storage-based files. It is important to note that all exfiltrated data sent to the command-and-control servers were in Arabic, indicating that an Arabic-speaking threat actor may be behind these attacks.

This latest development is part of a growing trend of messaging app exploitation for malware distribution. WhatsApp mods, which are modified versions of the app created by third-party developers, are often distributed through third-party Android app stores and Telegram channels. These alternative distribution channels lack proper screening and fail to take down malware, making it easier for threat actors to spread their malicious creations.

As Kaspersky researcher Dmitry Kalinin warns, popularity does not guarantee safety. Users should be cautious when downloading apps from third-party sources and only trust official app stores such as Google Play Store or Apple App Store.

Frequently Asked Questions (FAQ)

What are WhatsApp mods?

WhatsApp mods are modified versions of the original WhatsApp app created by third-party developers. These mods often offer additional features or customization options that are not available in the official WhatsApp client.

How do trojanized WhatsApp mods work?

Trojanized WhatsApp mods include additional features that enable the activation of spyware upon turning on or charging the Android devices where they are installed. This allows threat actors to remotely access and gather sensitive data from the infected devices.

Why are third-party Android app stores risky?

Third-party Android app stores often lack proper screening and fail to take down malware-infected apps. This makes it easier for threat actors to distribute their malicious creations through these alternative channels.

How can users protect themselves from malicious WhatsApp mods?

To reduce the risk of downloading a malicious WhatsApp mod, it is recommended to only download apps from official app stores, such as Google Play Store or Apple App Store. Additionally, users should be cautious when downloading apps from unfamiliar sources and research the reputation of third-party app stores before using them.