Do not use this version of WhatsApp: it contains dangerous spyware!

Do not use this version of WhatsApp: it contains dangerous spyware!

Beware of this fake application that mimics WhatsApp! While promising additional features, it contains malware that can steal your personal data and record you without your knowledge, using your phone's microphone!

With billions of users, WhatsApp has become a frequent target for hackers who demonstrate both ingenuity and audacity in pursuing their objectives. The application regularly faces phishing campaigns and other attempted scams, not to mention the proliferation of fake applications on app stores and websites. These imitations promise numerous functions that are absent from the official version of the instant messenger.

In fact, Kaspersky experts have recently uncovered a copy of WhatsApp circulating since this summer through an APK shared on Telegram channels. This fraudulent version offers various customizable options, such as scheduling message sending, but it harbors a Trojan named Trojan-Spy.AndroidOS.CanesSpy. This malicious software is designed to surreptitiously extract all your personal data and, even more concerning, it can record you using your smartphone's microphone

Malicious copy of WhatsApp: malware designed for spying

Upon installation, the malicious application exhibits suspicious behavior by incorporating components (a service and a broadcast receiver) not present in the official WhatsApp client. The malware remains dormant until your phone is powered on or begins charging, at which point it activates the spy module. Subsequently, the software collects various data, including IMEI (the unique number assigned to each cell phone), phone number, country code, mobile network code, configuration details, contact directory, account information, and files stored in the terminal's memory. Disturbingly, the virus can even surreptitiously activate the smartphone's microphone to eavesdrop without your knowledge.

Kaspersky WhatsApp
© Kaspersky

Cybersecurity researchers report that the Trojan has been operational since mid-August 2023 and, between October 5 and 31, attempted to pilfer data from 340,000 individuals in over 100 countries. The actual number of installations is likely much higher. The countries most affected include Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt.

One distribution channel for the malware attracted over two million users. Dmitry Kalinin, a security expert at Kaspersky, emphasizes the exploitation of trust in widely followed sources by malicious agents: "People naturally trust apps from highly followed sources, but fraudsters exploit this trust. The spread of malicious mods through popular third-party platforms highlights the importance of using official IM clients. However, if you need some extra features not presented in the original client, you should consider employing a reputable security solution before installing third-party software, as it will protect your data from being compromised. For robust personal data protection, always download apps from official app stores or official websites."

It is advisable to refrain from installing third-party apps outside official stores due to the potential risks introduced by unverified developers. Even within app stores, be cautious by scrutinizing details such as the number of downloads, reviews, developer information, authorization requests, and other apps developed. Additionally, employing antivirus software in the background can help detect and prevent malicious activities.