Modified Version of WhatsApp for Android Spotted Installing Triada Trojan

Cyber Security

Products You May Like

A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge.

“The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK),” researchers from Russian cybersecurity firm Kaspersky said in a technical write-up published Tuesday. “This is similar to what happened with APKPure, where the only malicious code that was embedded in the app was a payload downloader.”

Stack Overflow Teams

Modified versions of legitimate Android apps — aka Modding — are designed to perform functions not originally conceived or intended by the app developers, and FMWhatsApp allows users to customize the app with different themes, personalize icons, and hide features like last seen, and even deactivate video calling features.

The tampered variant of the app detected by Kaspersky comes equipped with capabilities to gather unique device identifiers, which is sent to a remote server that responds back with a link to a payload that’s subsequently downloaded, decrypted, and launched by the Triada trojan.

The payload, for its part, can be employed to carry out a wide range of malicious activities ranging from downloading additional modules and displaying full-screen ads to stealthily subscribing the victims to premium services and signing into WhatsApp accounts on the device. Even worse, the attackers can hijack and take control of the WhatsApp accounts to carry out social engineering attacks or distribute spam messages, thus propagating the malware to other devices.

“It’s worth highlighting that FMWhatsapp users grant the app permission to read their SMS messages, which means that the Trojan and all the further malicious modules it loads also gain access to them,” the researchers said. “This allows attackers to automatically sign the victim up for premium subscriptions, even if a confirmation code is required to complete the process.”

Products You May Like

Articles You May Like

Here’s the Real Reason to Turn on Aeroplane Mode When You Fly
US Senate Panel Approves Bill Empowering News Organisations to Negotiate With Facebook, Google for Revenue
Google Pixel Watch Promo Video Reveals Design, Teased to Offer Multiple Watch Faces
GTA 6 Gameplay Videos Leaked Online; Shown to Feature Female Lead Character ‘Lucia’: Report
New York AG wrongly said Yankees game on Apple TV+ costs extra — but it’s free

Leave a Reply

Your email address will not be published.