Hidden Spyware Detected in Multiple WhatsApp Mods
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Third-party mods for instant messaging services have grown in popularity among users looking for additional features not found in the official client apps. However, most of these mods come laden with hidden malware.
Researchers at Kaspersky found that several previously harmless WhatsApp mods contained a spy module dubbed Trojan-Spy.AndroidOS.CanesSpy.
According to the security researchers, the spy module relies on two suspicious components found in the trojanized mod: a service and a broadcast receiver. Neither component is part of the official WhatsApp program.
Once the mod is deployed, the broadcast receiver listens for various system and application broadcasts, such as the phone starting to charge, a file being downloaded, or a text message being received. On receiving such a broadcast, the receiver activates the spy module, generally when the phone either begins charging or is turned on.
Meanwhile, the service component is responsible for selecting the command-and-control (C2) server (point of contact). Upon activation, the malicious implant sends device information, including the IMEI, phone number, mobile country code, mobile network code and more, to the C2 server. The spyware also gathers configuration details and transmits the victim’s contacts and accounts data every five minutes.
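Because the service and broadcast receiver are absent from the official client, comparing manifests is one way to surface them. The following is an added example, not code from Kaspersky or the original article: it assumes both apps' AndroidManifest.xml files have already been decoded to plain XML, and every package and class name in the sample manifests is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Broadcasts matching the triggers the article lists: power-on, charging,
# finished downloads and incoming text messages.
TRIGGERS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.ACTION_POWER_CONNECTED",
    "android.intent.action.DOWNLOAD_COMPLETE",
    "android.provider.Telephony.SMS_RECEIVED",
}

def components(manifest_xml):
    """Map (tag, class name) -> set of intent actions for services/receivers."""
    app = ET.fromstring(manifest_xml).find("application")
    found = {}
    for tag in ("service", "receiver"):
        for node in app.findall(tag):
            actions = {a.get(ANDROID + "name") for a in node.iter("action")}
            found[(tag, node.get(ANDROID + "name"))] = actions
    return found

def added_components(official_xml, mod_xml):
    """Components present only in the mod, with the trigger broadcasts they use."""
    baseline = components(official_xml)
    report = []
    for key, actions in sorted(components(mod_xml).items()):
        if key not in baseline:
            report.append((key[0], key[1], sorted(actions & TRIGGERS)))
    return report

# Constructed sample manifests (hypothetical names, not taken from any real app).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
OFFICIAL = f"""<manifest {NS} package="com.example.messenger"><application>
  <service android:name="com.example.messenger.SyncService"/>
</application></manifest>"""
MOD = f"""<manifest {NS} package="com.example.messenger"><application>
  <service android:name="com.example.messenger.SyncService"/>
  <service android:name="com.example.extra.OrdersService"/>
  <receiver android:name="com.example.extra.WakeReceiver"><intent-filter>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
    <action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
    <action android:name="android.intent.action.TIME_SET"/>
  </intent-filter></receiver>
</application></manifest>"""

if __name__ == "__main__":
    for tag, name, triggers in added_components(OFFICIAL, MOD):
        print(f"{tag:8} {name}  triggers={triggers}")
```

An added component is a lead for further review rather than proof of infection, since legitimate mods also add services and receivers.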
“After the device information is successfully uploaded, the malware starts asking the C&C for instructions, which the developers call ‘orders’, at preconfigured intervals (one minute by default),” the advisory stated.
During the investigation, it was noticed that all messages sent to the C2 server were in Arabic, suggesting that the developer spoke Arabic. Kaspersky found that the trojanized mods were distributed through various dubious websites promoting these WhatsApp mods and through popular Telegram channels, mostly in the Arabic and Azeri languages.
The cybersecurity solution provider is said to have blocked more than 340,000 attacks related to this spyware mod in over 100 countries between October 5 and 31 alone. Its investigation further revealed that a high number of attacks were mainly recorded in countries like Azerbaijan, Saudi Arabia, Yemen, Turkey, and Egypt.
Kaspersky went on to advise users to use only the official messaging clients to secure their personal data. “Should you need the extra features, we advise that you use a reliable security solution that can detect and block the malware if the mod you chose proves to be infected,” the advisory recommended.
Okta Says Nearly 5K Employees Impacted via Third-Party Data Breach
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Okta, a leading identity and access management solution provider, disclosed another data breach incident affecting nearly 5,000 of its current and former employees.
According to the company’s notice, the security incident is said to be related to one of its third-party vendors, Rightway Healthcare. Rightway provides healthcare support services to Okta’s employees and their dependents, helping them find healthcare providers and rates.
On October 12, Okta was informed of the breach by Rightway; however, the actual incident is said to have occurred on September 23, 2023.
“[..] Rightway informed Okta that an unauthorized actor gained access to an eligibility census file maintained by Rightway in its provision of services to Okta,” the company notice read.
Upon discovering the incident, Okta launched an immediate investigation and reviewed the affected file to understand the possible impact on its former and current employees and their families.
“The types of personal information contained in the impacted eligibility census file included your Name, Social Security Number, and health or medical insurance plan number,” the investigation revealed. Okta emphasized that there was no evidence to suggest that impacted people’s personal information was misused.
However, as a precautionary measure, it is offering 2 years of complimentary credit monitoring, identity restoration, and fraud detection services to the affected individuals through Experian’s IdentityWorks product.
The incident, which was reported to the Office of the Maine Attorney General, impacted a total of 4,961 employees.
The San Francisco-based cloud authentication software provider has suffered a series of security breaches over the past 2 years. The most recent was the October 20 credential theft attack, in which its support management system was breached to steal sensitive user information.
Prior to this, in December 2022, the company found that its private GitHub repositories had been hacked.