The Ministry of National Security has issued an alert over a new malware found among users in Ghana in some WhatsApp and Telegram applications.
Based on information from multinational cyber security company Kaspersky, the national security ministry said the malware is found in modified versions of WhatsApp and Telegram for Android devices.
These modified WhatsApp and Telegram versions are not from official sources but by independent individuals and groups who engineered the malware into the original applications.
The malware is activated to harvest valuable information from the infected devices with prompts such as when the phone is powered on or when it begins charging. Once activated, the malware establishes contact with the attacker’s remote server and initiates a continuous process of stealing sensitive information.
How it’s being spread
According to this consumer technology news website, the malware-infested WhatsApp and Telegram applications have been circulating primarily in Telegram channels, especially among Arabic and Azeri speakers.
Some of the channels have millions of followers. It has also been found on some websites with the APKs available for download.
Why is this a big deal?
According to Kaspersky, the malware named ConesSpy sends device information to the attacker’s servers every five minutes. The data transmitted includes IMEI, phone number, country and network codes, phone contacts, and account details. The malware can also record audio and steal files from the user’s device.
The malicious way of accessing your personal information breaches data privacy and digital security.
What should you do?
Dmitry Kalinin, a security expert at Kaspersky, says: “People naturally trust apps from highly followed sources, but fraudsters exploit this trust… The spread of malicious mods through popular third-party platforms highlights the importance of using official IM clients. However, suppose you need extra features not present in the original client. In that case, you should consider employing a reputable security solution before installing third-party software, as it will protect your data from being compromised.”
Given that the malware has been confirmed to be in modified versions of WhatsApp and Telegram, emanating from sources other than their own, such as Meta in the case of WhatsApp, it is essential to download the application from their official sources.
– Only download and install applications from official app stores, such as the Google Play Store and be sure they are published by their official owners (WhatsApp from Meta / Telegram from Telegram FZ-LLC). Avoid using modified or unofficial versions.
– Regularly update your official apps to ensure they are covered by security patches and updates that address vulnerabilities.
– Be wary of unusual behaviour exhibited by your device, such as unexpected battery drain, slow performance, or unusual pop-ups. They are potential signs of a security issue.