Researchers discover malicious WhatsApp modification

Image via Unsplash

A malicious WhatsApp spy modification has been uncovered by Kaspersky researchers. The modification serves its intended purpose by enhancing user experience, it also clandestinely harvests personal information from its victims.

Users often turn to third-party mods for popular messaging apps to add extra features. However, some of these mods, while enhancing functionality, also come with hidden malware.

The modified WhatsApp client's manifest file includes suspicious components (a service and a broadcast receiver) not present in the original version. The receiver initiates a service, launching the spy module when the phone is powered on or charging.

Once activated, the malicious implant sends a request with device information to the attacker's server. This data covers IMEI, phone number, country and network codes, and more. It also transmits the victim's contacts and account details every five minutes, can set up microphone recordings and can exfiltrate files from external storage.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.