Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Modified version of Android WhatsApp installs Triada Trojan

Experts spotted a modified version of WhatsApp for Android, which offers extra features, but that installs the Triada Trojan on the devices. Researchers from Kaspersky spotted a modified version of WhatsApp for Android, which offers extra features, but which installs the Triada Trojan on the devices. WhatsApp users sometimes look for mods that offer extra […]

modified whatsapp android

Experts spotted a modified version of WhatsApp for Android, which offers extra features, but that installs the Triada Trojan on the devices.

Researchers from Kaspersky spotted a modified version of WhatsApp for Android, which offers extra features, but which installs the Triada Trojan on the devices.

WhatsApp users sometimes look for mods that offer extra features such as animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages. These modified versions of the popular instant messaging app usually contain ads.

The version discovered by Kaspersky is called FMWhatsapp 16.80.0 together, experts also discovered the advertising software development kit (SDK) that included the downloader for the malicious payload.

“The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK),” reads the analysis published by Kaspersky.”This is similar to what happened with APKPure, where the only malicious code that was embedded in the app was a payload downloader.”

Upon launching the app, it will gather unique device identifiers (Device IDs, Subscriber IDs, MAC addresses) and the name of the app package where they’re deployed. These data are sent to a remote server to register the device, which in turn responds by sending a link to a payload which the Triada Trojan downloads, decrypts, and launches.

modified whatsapp android

The malicious payload could be used to conduct a wide range of malicious activities, including downloading additional modules, stealthily subscribing the victims to premium services, and signing into WhatsApp accounts on the device.

The attackers can also take control of the WhatsApp accounts and spread spam sent on behalf of the victims.

“It’s worth highlighting that FMWhatsapp users grant the app permission to read their SMS messages, which means that the Trojan and all the further malicious modules it loads also gain access to them. This allows attackers to automatically sign the victim up for premium subscriptions, even if a confirmation code is required to complete the process.” concludes Kaspersky. “We don’t recommend using unofficial modifications of apps, especially WhatsApp mods. You may well end up with an unwanted paid subscription, or even loose control of your account altogether, which attackers can hijack to use for their own purposes, such as spreading spam sent in your name.”

Experts also shared Indicators of Compromise (IoCs) for this modified version.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, WhatsApp)

[adrotate banner=”5″]

[adrotate banner=”13″]