A malicious update to the FMWhatsApp WhatsApp mod infects target Android devices with the Triada Trojan. This trojan, in turn, delivers other threats to the compromised devices, including the notorious xHelper.
FMWhatsApp WhatsApp Mod Infecting Android
Researchers from Kaspersky have spotted a new threat for WhatsApp users in the wild.
Specifically, they found a malicious version of the FMWhatsApp WhatsApp mod deploying a trojan on Android devices.
In brief, WhatsApp mods are modified versions of WhatsApp that often lure users with extra features not available in the original app. That’s why naïve users often prefer these alternatives to the conventional WhatsApp.
While not all these mods are malicious, there have been many instances of malware impersonating WhatsApp mods to target users.
As elaborated in Kaspersky’s post, the problem appears with FMWhatsApp 16.80.0 and the advertising SDK. The researchers noticed the presence of Trojan.AndroidOS.Triada.ef in the code, a potent piece of malware that infects Android devices.
After installation, the Triada trojan steals device identifiers and app package names to register the device on its remote server. In response, the server instructs the trojan on its next action, which may include deploying more trojans. The subsequent malware that Triada deploys includes:
- Trojan-Downloader.AndroidOS.Agent.ic: downloads malicious modules.
- Trojan-Downloader.AndroidOS.Gapac.e: displays intrusive ads and downloads malicious modules.
- Trojan-Downloader.AndroidOS.Helper.a: potent adware that also triggers xHelper infections.
- Trojan.AndroidOS.MobOk.i: registers infected devices for paid subscriptions.
- Trojan.AndroidOS.Subscriber.l: signs up devices for paid subscriptions.
- Trojan.AndroidOS.Whatreg.b: logs in to WhatsApp accounts on infected devices, gains access to SMS messages, evades SMS code verification requirements by taking over this functionality, and can facilitate future sneaky subscriptions to premium services.
Be Wary Of Unofficial Apps
Perhaps the only viable way to fend off such attacks is to avoid modified app versions completely. While it may look attractive to use pirated versions of subscription-based tools to evade payments, or feature-rich alternatives to popular apps, these are always risky.
Just as pirated programs are often bundled with malware, and phishing websites host malicious programs, modified apps like FMWhatsApp can turn malicious at any time.
Therefore, users should stick to legit apps from official sources only and avoid modified versions. In fact, users should also avoid downloading apps from any third-party sources, even if they offer legit programs. It’s better to pay or make do with fewer features than to compromise your security.