November 3, 2023 at 10:14AM
Attackers have been distributing spyware through modified versions of WhatsApp and Telegram, collecting private data from Android users. Kaspersky researchers detected 340,000 attempts to distribute the spyware through WhatsApp mods, with the real number of installations likely being higher. The majority of victims were in Azerbaijan, Yemen, Saudi Arabia, Egypt, and Turkey. Telegram has been notified about the malware but has not responded. WhatsApp parent company Meta also did not provide a response.
Key Takeaways from the Meeting Notes:
1. Kaspersky researchers have identified spyware being distributed through WhatsApp mods on Android devices. These mods were originally discovered on Telegram.
2. There have been approximately 340,000 attempts to distribute the spyware through the WhatsApp mods, but the actual number of installations is believed to be higher.
3. The spyware attack has affected users worldwide, with 46% of victims located in Azerbaijan. Other affected countries include Yemen, Saudi Arabia, Egypt, and Turkey.
4. WhatsApp mods, which are third-party applications designed to enhance the messaging app’s capabilities, have been increasingly targeted by malware.
5. Kaspersky previously warned about the Triada mobile Trojan, which was proliferating on legitimate apps, including a spoofed version of YoWhatsApp.
6. Kaspersky has also observed spyware being injected into unofficial Telegram mods, primarily targeting users in China. Google removed these mods from its app store.
7. The spy module found in the WhatsApp mods is identified as Trojan-Spy.AndroidOS.CanesSpy. It contains suspicious components not found in the original WhatsApp client.
8. Kaspersky researchers discovered that Telegram channels were the primary source for distributing the spyware found in the WhatsApp mods. They alerted Telegram about the situation but have not received a response.
9. Dark Reading reached out to both Telegram and WhatsApp Meta for comment but has not yet received a response from either company.
Please let me know if you need further clarification or if there’s anything else I can assist you with.