November 3, 2023 at 09:42AM
Researchers have discovered modified versions of WhatsApp for Android that contain spyware called CanesSpy. These versions are being spread through sketchy websites and Telegram channels primarily used by Arabic and Azerbaijani speakers. The spyware is designed to activate when the phone is turned on or charging, and it sends information about the compromised device to a command-and-control server. It also gathers data about the victim’s contacts and accounts. The spyware has been active since August 2023 and primarily targets Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt. This highlights the ongoing issue of modified messaging apps being used to distribute malware.
Key Takeaways:
1. Cybersecurity researchers have discovered WhatsApp mods for Android that contain spyware called CanesSpy.
2. These modified versions of WhatsApp are being distributed through sketchy websites and Telegram channels primarily used by Arabic and Azerbaijani speakers.
3. The spyware module activates when the phone is switched on or starts charging and establishes contact with a command-and-control server.
4. CanesSpy collects and transmits information about the compromised device, including the IMEI, phone number, mobile country code, and mobile network code.
5. Additionally, the spyware can send files, record sound from the microphone, and change the command-and-control servers it uses.
6. The messages sent to the command-and-control server are in Arabic, suggesting the developer is an Arabic speaker.
7. The campaign primarily targets Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt.
8. This incident highlights the continued abuse of modified versions of messaging services like Telegram and WhatsApp to distribute malware.
9. WhatsApp mods are commonly distributed through third-party Android app stores and Telegram channels, which often lack proper screening for malware.
10. Users should exercise caution when downloading and using modified versions of messaging apps and stick to official app stores for downloads.
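The triggers in point 3 (power-on, charging) and the capabilities in points 4 and 5 are the kind of change that shows up in an app's manifest. The following is an added example, not code from the researchers' report: it diffs a suspect build's manifest against one from the official build and lists added components and permissions. It assumes both manifests have already been decoded to text XML (for example with apktool); all package and class names in the samples are made up.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Standard Android broadcasts matching the triggers above (power-on, charging).
TRIGGERS = {"android.intent.action.BOOT_COMPLETED",
            "android.intent.action.ACTION_POWER_CONNECTED"}

def components(manifest_xml):
    """Return ({'tag:name': intent-filter actions}, requested permissions)."""
    root = ET.fromstring(manifest_xml)
    comps = {}
    for tag in ("receiver", "service"):
        for el in root.iter(tag):
            actions = {a.get(NS + "name") for a in el.iter("action")}
            comps[f"{tag}:{el.get(NS + 'name')}"] = actions
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    return comps, perms

def diff_against_reference(reference_xml, candidate_xml):
    ref_comps, ref_perms = components(reference_xml)
    cand_comps, cand_perms = components(candidate_xml)
    added = {k: v for k, v in cand_comps.items() if k not in ref_comps}
    return {
        "added_components": sorted(added),
        "added_permissions": sorted(cand_perms - ref_perms),
        # Added components that start themselves on boot or on charging.
        "boot_or_charge_triggered": sorted(k for k, v in added.items() if v & TRIGGERS),
    }

# Constructed sample manifests (hypothetical app, not a real WhatsApp manifest).
REFERENCE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name="com.example.messenger.SyncService"/>
  </application>
</manifest>"""

CANDIDATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <service android:name="com.example.messenger.SyncService"/>
    <service android:name="com.example.added.Worker"/>
    <receiver android:name="com.example.added.Starter"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
      <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
    </intent-filter></receiver>
  </application>
</manifest>"""
```

Any entry under `boot_or_charge_triggered` that the official build does not ship is a reason to pull the APK for closer analysis; an empty diff does not prove a build is clean.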