Modified Version of WhatsApp for Android Spotted Installing Triada Trojan

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,171
A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge.

"The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK)," researchers from Russian cybersecurity firm Kaspersky said in a technical write-up published Tuesday. "This is similar to what happened with APKPure, where the only malicious code that was embedded in the app was a payload downloader."

Modified versions of legitimate Android apps — aka Modding — are designed to perform functions not originally conceived or intended by the app developers, and FMWhatsApp allows users to customize the app with different themes, personalize icons, and hide features like last seen, and even deactivate video calling features.

The tampered variant of the app detected by Kaspersky comes equipped with capabilities to gather unique device identifiers, which is sent to a remote server that responds back with a link to a payload that's subsequently downloaded, decrypted, and launched by the Triada trojan.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top