WhatsApp users are currently being targeted by hackers. The warning was issued by cybersecurity specialist Kaspersky on Friday, November 3. The company estimates that 340,000 victims were affected in October alone. Even though all countries are affected, it appears that the malware involved in these attacks mainly targets users who communicate in Arabic and Azeri.
To spread the malware, hackers use "mods". Third-party mods are very popular. Normally, they allow you to add features to the email service or customize the interface on Android only. These are programs that are not official. Control is therefore made more complex, as they are distributed, as is the case here, via popular Telegram channels.
Passing information to hackers
As a result, a mod was modified with "suspicious components (a service and a broadcast receiver)". Once installed on the targeted device, the malware sends information to the attacker's server, such as "IMEI, phone number, etc." In addition, the software diligently transmits information about "the victim's contacts and account details" every five minutes. Hackers also have the ability to activate the microphone and download files from external storage.
According to Kaspersky's analysis, the doctored mod targeted users mainly in Azerbaijan, Saudi Arabia, Yemen, Turkey and Egypt, but "the phenomenon also affects people from the United States, Russia, the United Kingdom, Germany and elsewhere." To avoid being affected by this spyware, it is recommended to download apps and software from official and reputable sources and use known security software.