Infected WhatsApp mod app appears on Google Play store, do not download it

Kaspersky has discovered a new trojan that infects a modified version of WhatsApp available on Google Play Store as FMWhatsApp. The trojan is able to download payload onto a device that further conducts malicious activities without the device owner’s knowledge.

Anew trojan has been discovered in a modified version of WhatsApp for Android. Called Trojan Triada, the malware is able to download a payload that further carries out malicious activities on the device without the consent of the user.

The new discovery has been made by cybersecurity major Kaspersky. Researchers from the team shared in a recent report that the Trojan Triada affects FMWhatsApp 16.80.0, a modified version of WhatsApp. Such apps serve to provide additional features to users which are not found in the original WhatsApp.

Kaspersky notes that the Trojan Triada has now snuck its way into the new version of FMWhastApp along with its advertising software development kit (SDK). Upon launching the app infected with the trojan, it gathers unique device identifiers (Device IDs, Subscriber IDs, MAC addresses) and sends them back to a remote server.

The server reportedly registers the new device and sends back a link to a payload. The trojan in the app then downloads this payload onto the infected device, decrypts the content and launches it for operation.

Researchers have identified a number of different types of malware carrying out such activities through FMWhatsApp. While one of them only downloads the aforementioned payload, other can perform multiple functions on the infected device.’ This includes displaying full-screen ads, running invisible ads in the background to increase the number of views they get, and even signing up the device owner up for paid subscriptions without their knowledge.

Kaspersky notes that since users of FMWhatsApp grant the app permission to read their device SMS, the trojan and its other malicious modules can make use of this permission. They may thus sign up the victim for paid subscriptions easily, even if a confirmation code on SMS is needed to complete the process.

Kaspersky warns users against downloading and using such “unofficial modifications of apps, especially WhatsApp mods.” It highlights that other than being signed up for unwanted paid subscriptions, users can even lose complete control of their accounts altogether. Hackers can hijack such accounts to further spread spam and malware in your name.

Leave a Reply

Your email address will not be published. Required fields are marked *