YouTube player

Modified versions of WhatsApp mods for Android have been found to contain spyware. This is Edwin Kwan from Sydney Australia. Security researchers have discovered modified versions of the instant messaging app being promoted on website advertising and on telegram. Those versions contain suspicious components, such as a service and broadcast receiver, which cannot be found on the original WhatsApp client. Those components are found to activate the spyware module when the phone is either switched on or starts charging. It attempts to establish contact with a command and control server before sending information about the compromised device. The app also sends the victim’s contacts details to the server every 5 mins. It also attempt to send file from any external storage along with recording files from the microphone and sending the recordings. The command and control server is found to be in Arabic, which indicates that the attacker is an Arabic speaker. Further analysis showed that the spyware has been active since August 2023 and the campaign has been primarily targeting users in Azerbaijan, Saudi Arabia, Yemen, Turkey and Egypt. It’s another reminder that we should only be using the official version for messaging services.

This segment was created for the It’s 5:05 podcast