Cybersecurity researchers have discovered a new malicious “WhatsApp spy mod”, which has attacked messaging platform Telegram users more than 340,000 times in October alone, a new report said.

According to the cybersecurity firm Kaspersky, this malware mainly targets users who communicate in Arabic and Azeri, with victims identified globally.

As users turn to third-party mods for popular messaging apps to add extra features, the researchers explained that some of these mods, while enhancing functionality, also come with hidden malware.

According to them, the new WhatsApp mod not only offers additions such as scheduled messages and customizable options but also contains a malicious spyware module.

The modified WhatsApp client’s manifest file includes suspicious components (a service and a broadcast receiver) not present in the original version.

The receiver initiates a service, launching the spy module when the phone is powered on or charging.
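One way a defender could surface such additions is to diff the components declared in the mod's manifest against the official client's and note which of them listen for auto-start broadcasts. This is an added example, not code from the Kaspersky report. It assumes both manifests have already been decoded to text XML; the package and component names are constructed, and mapping "powered on or charging" to the two standard Android broadcasts below is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumption: "powered on or charging" corresponds to these standard broadcasts.
AUTOSTART = {"android.intent.action.BOOT_COMPLETED",
             "android.intent.action.ACTION_POWER_CONNECTED"}
TAGS = ("service", "receiver", "activity", "provider")

def components(manifest_xml):
    """Map (tag, android:name) -> set of intent-filter actions it declares."""
    app = ET.fromstring(manifest_xml).find("application")
    found = {}
    for tag in TAGS:
        for node in ([] if app is None else app.iter(tag)):
            actions = {a.get(ANDROID + "name") for a in node.iter("action")}
            found[(tag, node.get(ANDROID + "name", ""))] = actions
    return found

def added_components(official_xml, modded_xml):
    """Components present only in the mod, with the auto-start actions each hears."""
    base, mod = components(official_xml), components(modded_xml)
    return sorted((tag, name, sorted(actions & AUTOSTART))
                  for (tag, name), actions in mod.items()
                  if (tag, name) not in base)

# Constructed sample manifests (hypothetical names, not taken from any real app).
OFFICIAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.im">
  <application>
    <activity android:name="com.example.im.Main"/>
    <service android:name="com.example.im.MessageService"/>
  </application>
</manifest>"""
MODDED = OFFICIAL.replace("</application>", """
    <service android:name="com.example.mod.SyncService"/>
    <receiver android:name="com.example.mod.StartReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
      </intent-filter>
    </receiver>
  </application>""")

if __name__ == "__main__":
    for tag, name, triggers in added_components(OFFICIAL, MODDED):
        print(f"added {tag}: {name} auto-start triggers: {triggers or 'none'}")
```

An added receiver with auto-start triggers next to an added service matches the pattern described above, but it is only a reason to inspect the components further, since legitimate apps register the same broadcasts.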

Once activated, the malicious implant sends a request with device information to the attacker’s server.


This data covers IMEI, phone number, country and network codes, and more.

It also transmits the victim’s contacts and account details every five minutes, and it is able to set up microphone recordings and exfiltrate files from external storage, the report said.

The highest attack rates were recorded in Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt. While the preference is for Arabic and Azerbaijani-speaking users, it also affects people from the US, Russia, the UK, Germany, and other countries.


To stay safe, experts recommend using official marketplaces, downloading apps and software from reputable and official sources, and avoiding third-party app stores, which carry a higher risk of hosting malicious or compromised apps.

“The spread of malicious mods through popular third-party platforms highlights the importance of using official IM clients. However, if you need some extra features not present in the original client, you should consider employing a reputable security solution before installing third-party software, as it will protect your data from being compromised,” said Dmitry Kalinin, a security expert at Kaspersky.