InfoSecBulletin Cybersecurity for mankind
Telegram is one of the most popular social media platforms in the world. The platform is constantly being updated. But recently cyber security experts have discovered a new malware. The malicious ‘WhatsApp Spy Mode’ has already attacked messaging platform Telegram users at least 340 thousand times.
According to the researchers, this happened throughout the month of October. A report about this terrible malware has come to light. According to cybersecurity firm Kaspersky, the malware mainly attacks people who speak Arabic, Azeri languages.
First Half Of 2024 Report
Bangladeshi 32.4% government websites face cyber attack: NAS report
Prince Ransomware Hits UK and US
CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns
A summary of “2024 State of Cybersecurity survey” by ISACA
ISACA reveals
64% of Australian cybersecurity professionals feel increasing stress
Researchers detected 31 new Malware in September
CRI Release New Ransomware Response Guidance
ALERT
Over 700,000 Routers Vulnerable to Hack for 14 security flaws
Patch it now!
Critical Zimbra RCE flaw exploited: Needs Immediate Patching
CISA Warns
Network switch RCE flaw impacts critical infrastructure
Users who crave additional features from popular messaging apps often take the help of third-party apps. This is where the danger lies, the researchers explained. Third party apps offer additional features. But it also contains some malware.
While this new WhatsApp mod offers scheduled messages and customizable options, it also contains malicious spyware, they said. Victim contact and account details are sent every 5 minutes. At the same time, this spy module is also able to set up microphone recording and extract files from external storage.
The manifest file of the modified WhatsApp client contains several suspicious elements, which are not present in the original version. Whenever the receiver starts a service, the spy module is also activated when the phone is turned on or while charging. And once that spy module is activated, the malicious implant sends a request with device information to the attacker’s server. The data that is covered includes IMEI, phone number, country and network codes, among others.
However, users from Azerbaijan, Saudi Arabia, Yemen, Turkey and Egypt are the most affected. As the target is Arabic and Azerbaijani speakers, people from USA, Russia, Britain, Germany and other countries are also affected by this scam. Experts advise to be careful in using social media.
