Skip to content Skip to Search
Skip navigation

Arabic speakers targeted by malicious WhatsApp hackers

A young arab woman with a mobile phone: hackers are targeting WhatsApp users Pexels/Keira Burton
Arabic-speaking WhatsApp users are falling victim to unknown hackers spreading malware via the WhatsApp messaging software
  • 340,000 attacks in October
  • Saudi Arabia, Yemen and Egypt hit
  • US, UK and Russia also affected

Arabic-speaking WhatsApp users are being targeted by unidentified hackers who are distributing spying malware through a modified version of the messaging service.

The Russian cybersecurity firm Kaspersky reported that the hackers had launched more than 340,000 attacks in October alone. Saudi Arabia, Azerbaijan, Yemen, Egypt and Turkey experienced the highest attack rates. 

The malware has also affected users in the US, UK, Germany and Russia.

The modified version of WhatsApp offers many enhancements over the standard version, including scheduled messages and customisable options.  

Kaspersky said in its blog: “The modified WhatsApp client’s manifest file includes suspicious components – a service and a broadcast receiver – not present in the original version.

“The receiver initiates a service, launching the spy module when the phone is powered on or charging.”

Malicious mode

Once activated, the malicious implant sends a message with information about the device it has been downloaded onto to the attackers’ server. 

This data includes the IMEI, a numeric identifier that networks use to recognise valid devices, the phone number, and the country and network codes.  

The malware also transmits the victim’s contacts and accounts details every five minutes, and it can set up microphone recordings and exfiltrate files from external storage.

The modified version has made its way to users through popular channels on Telegram Messenger, primarily for Arabic and Azeri-speaking users, some of which had nearly two million subscribers.

Kaspersky said that the threat emerged in mid-August 2023. Dmitry Kalinin, a security expert at Kaspersky, said: “The spread of malicious mods through popular third-party platforms highlights the importance of using official instant messaging apps.

“For robust personal data protection, always download apps from official app stores or official websites.”