Beware of this fake application that imitates WhatsApp! Promising additional functions, it actually contains malware that steals your personal data and records you without your knowledge with your phone’s microphone!.
With its billions of users – and therefore potential victims – WhatsApp is often the target of hackers who lack neither ingenuity nor nerve to achieve their ends. The application is therefore regularly targeted by phishing campaigns and other scam attempts. And that’s without counting the fake, corrupted applications that are currently swarming on application stores and websites, promising many functions missing from the official version of instant messaging… Moreover, Kasperky experts have discovered a copy of WhatsApp which has been circulating since this summer through an APK shared on Telegram channels. Offering various customizable options, such as the ability to schedule the sending of a message, it actually contains a Trojan horse called Trojan-Spy.AndroidOS.CanesSpy, responsible for siphoning off all your personal data. Worse yet, it can even record you using your smartphone’s microphone!
Corrupted copy of WhatsApp: malware designed for espionage
The compromised application exhibits suspicious behavior upon installation since it includes components (a service and a broadcast receiver) which are not found in the official WhasApp client. The malware waits until your phone is turned on or starts charging to activate the spying module. The software will then collect the IMEI (the unique number assigned to each mobile phone), telephone number, country code, mobile network code, configuration details, contact directory, details of your accounts and files stored on the terminal memory. The virus will even turn on the smartphone microphone without your knowledge to listen to you!
According to cybersecurity researchers, the Trojan has been active since mid-August 2023 and has already attempted to steal the data of 340,000 people in more than a hundred countries between October 5 and 31 – but the actual number of installations is probably much higher. The most affected countries are Azerbaijan, Saudi Arabia, Yemen, Turkey and Egypt. Only a little more than 1% of attacks were located in France.
One of the malware’s distribution channels was followed by more than two million users. “People naturally trust apps from well-followed sources, but malicious agents know how to exploit this trust. The spread of malicious mods through popular third-party platforms highlights the importance of using official instant messaging software”, explains Dmitry Kalinin, security expert at Kaspersky, in his report. This issue only affects Android users because Apple only allows downloading apps approved by the App Store. Also, it is better to never install any third-party app outside of official stores, as you cannot know what a malicious developer may have slipped into the app code. And even in the app stores, take the time to check before each download the little details that might alert you – number of downloads, reviews, name of the developer, authorization requests, other apps developed, etc. Finally, use an antivirus in the background to ensure that malicious behavior is not taking place in the background.