JAKARTA - Sometimes, not a few people choose to download and use third-party application mods, for reasons of payment in the application or just want to use additional features.

Unfortunately, there is no security guarantee when using it, especially since some mods are also accompanied by hidden malware. Kaspersky researchers have identified new WhatsApp mods that not only offer additions such as scheduled messages and customizable options, but also contain malicious spyware modules.

Where the recipient will start the service, launch a spy module (spy) when the phone is turned on or charged. Once activated, the malicious implant sends a request containing device information to the attacker's server.

These data include IMEI, phone numbers, state and network codes, and more. It also sends victim contacts and account details every five minutes and is able to adjust microphone recordings to extract files from external storage.

This dangerous version spreads through popular Telegram channels, which mostly target Arabic and Azeri speakers, with some of the channels having nearly two million subscribers.

Kaspersky researchers have informed Telegram of this issue. Kaspersky Telemetry identified more than 340,000 attacks involving this mod only in October. This threat emerged relatively new and active in mid-August 2023.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)