Kaspersky discovered a malicious version of a popular WhatsApp messaging mode called FMWhatsapp. This mode is used to propagate the Triada mobile Trojan Horse, which can download other Trojans, display involuntary ads, and block sms from users of their choice who can subscribe.
Although WhatsApp is one of the most popular apps for instant messaging, not all users are satisfied with every feature it offers. Those looking for a more user-friendly version of the app can go on to install their modified version, which offers much more options than the official version of WhatsApp. This allows you to choose dynamic templates or read deleted messages.
In such apps, creators often go out of their way to run a variety of ads to moistish about their work. On the other hand, there are scammers who take advantage of users’ interest in these modes and often distribute malicious code through advertising. An example of this is FMWhatsapp – version 16.80.0, which includes the Triada Trojan Horse and one of its ad libraries.
In the dangerous version of FMWhatsapp mode, the Triada Trojan Horse acts as a mediator. Trojan Horse first collects data about the user’s mobile device and then downloads one of the other Trojan horses to the smartphone at the order of the owner. These Trojans can independently launch ads, give paid subscriptions to the device owner, even log in to their WhatsApp account, capture the login confirmation SMS and delete it when it’s done, leaving the victim vulnerable to illegal activity via their phone.
Kaspersky Security Expert Igor Golovin says: “It is difficult to identify the potential threat as the user installs this application voluntarily. However, we observe that cybercriminals are beginning to spread malicious files through advertising blocks in such applications. Therefore, we recommend that you use only messaging software downloaded from official app stores. They may not have some desired additional functionality, but they also do not install a lot of malware on your smartphone.”
Kaspersky solutions detect the malicious implant as Trojan.AndroidOS.Triada.ef.
To keep you safe, Kaspersky experts recommend:
Install apps only from official stores and trusted sources
Don’t forget to check what permissions you give installed apps – some of which can be very dangerous
Install reliable mobile antivirus software on your smartphone. This software will detect and prevent potential threats.