
The Cyber Security News


CanesSpy Spyware Discovered in Modified WhatsApp Versions

November 3, 2023

Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come equipped with a spyware module dubbed CanesSpy.

These modified versions of the instant messaging app have been observed spreading via sketchy websites advertising such software, as well as Telegram channels used primarily by Arabic and Azerbaijani speakers, one of which boasts 2 million users.

“The trojanized consumer manifest consists of suspicious elements (a provider and a broadcast receiver) that cannot be discovered in the authentic WhatsApp consumer,” Kaspersky security researcher Dmitry Kalinin said.


Specifically, the new additions are designed to activate the spyware module when the phone is switched on or starts charging.
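The manifest difference and the boot/charging trigger described above can be checked on a decoded sample. The following is an added example, not code from Kaspersky or the original article: it diffs the components declared in two text-form AndroidManifest.xml files and flags new ones that listen for boot or power-connected broadcasts. The manifests, package and class names are constructed, the mapping of "switched on" and "starts charging" to `BOOT_COMPLETED` and `ACTION_POWER_CONNECTED` is an assumption, and the diff covers all four component types rather than only the two named in the quote.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
# Assumed mapping of "switched on" / "starts charging" to Android broadcast actions.
TRIGGER_ACTIONS = {"android.intent.action.BOOT_COMPLETED",
                   "android.intent.action.ACTION_POWER_CONNECTED"}

def components(manifest_xml):
    """Map (tag, android:name) -> set of intent-filter actions for each component."""
    app = ET.fromstring(manifest_xml).find("application")
    found = {}
    for tag in COMPONENT_TAGS:
        for node in app.iter(tag):
            name = node.get(ANDROID_NS + "name")
            actions = {a.get(ANDROID_NS + "name") for a in node.iter("action")}
            found[(tag, name)] = actions
    return found

def added_components(baseline_xml, suspect_xml):
    """Return components declared only in the suspect manifest, with trigger actions."""
    base, suspect = components(baseline_xml), components(suspect_xml)
    return [{"type": tag, "name": name,
             "triggers": sorted(suspect[(tag, name)] & TRIGGER_ACTIONS)}
            for tag, name in sorted(set(suspect) - set(base))]

# Constructed manifests: package and class names are placeholders, not real indicators.
BASELINE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.chat">
  <application>
    <activity android:name="com.example.chat.Main"/>
  </application>
</manifest>"""

SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.chat">
  <application>
    <activity android:name="com.example.chat.Main"/>
    <provider android:name="com.example.added.DataProvider" android:authorities="com.example.added"/>
    <receiver android:name="com.example.added.WakeReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(added_components(BASELINE, SUSPECT))
```

The manifest inside an APK is stored in binary form and has to be decoded to text XML (for example with apktool) before it is passed to these functions.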

It then establishes contact with a command-and-control (C2) server and sends information about the compromised device, such as the IMEI, phone number, mobile country code, and mobile network code.

CanesSpy also transmits details about the victim’s contacts and accounts every five minutes, in addition to awaiting further instructions from the C2 server every minute, a setting that can be reconfigured.

These instructions include sending files from external storage (e.g., a removable SD card), sending contacts, recording sound from the microphone, sending data about the implant configuration, and changing the C2 servers.


The fact that the messages sent to the C2 server are all in Arabic indicates that the developer behind the operation is an Arabic speaker.

Further analysis of the operation shows that the spyware has been active since mid-August 2023, with the campaign primarily targeting Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt.


The development marks the continued abuse of modified versions of messaging services like Telegram and WhatsApp to distribute malware to unsuspecting users.

“WhatsApp mods are mainly distributed by way of 3rd-party Android application stores, which normally lack screening and fail to take down malware,” Kalinin said. “Some of these assets, such as 3rd-party application merchants and Telegram channels, delight in sizeable popularity, but that is no warranty of basic safety.”



Some parts of this article are sourced from:
thehackernews.com
