Kaspersky experts have discovered a malicious version of a popular WhatsApp Messenger mod, an unofficial modification of the app. The 'FMWhasapp' mod distributes the Triada mobile trojan, which can download other trojans, display advertisements, take out subscriptions and intercept SMS from the affected user.
With around two billion users worldwide, WhatsApp is one of the most popular instant messengers, but not all users are satisfied with the functions available. Users are therefore sometimes looking for more user-friendly and modified versions that offer more options than the official version - such as the choice of dynamic templates or the ability to read deleted messages.
Damage code is delivered directly
Such apps are financed by the fact that the developers allow ads within the applications. However, fraudsters also take advantage of this by distributing malicious code via the advertisements placed. The Kaspersky experts have now discovered such an example in the 16.80.0 version of FMWhasapp. The mod contains the Triada Trojan as well as an advertising library.
The Triada Trojan acts as a kind of intermediary. It first collects data about the user's device and then downloads further Trojans to the smartphone on command. These can then display advertisements independently of one another, take out paid subscriptions in the name of the smartphone owner or even log into the WhatsApp account by intercepting the SMS with the login confirmation code. This leaves the victim vulnerable to illegal activities carried out over their phone. Kaspersky solutions detect the malicious code as Trojan.AndroidOS.Triada.ef.
Triada Trojan collects data
"With this app, it is difficult for users to identify the potential threat, because the mod application actually does what it says on the tin: it offers additional features," comments Igor Golovin, Kaspersky security researcher. “However, we have observed that cyber criminals have started to proliferate malicious files through the ad blocks in such apps. That's why we recommend only using messenger apps downloaded from official app stores. While these may not offer some additional features, they will not install malware on the smartphone either.” Especially users who also use WhatsApp in the company should only download applications from official stores and reliable sources to protect against harmful apps and their modifications.
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/