
Modified version of WhatsApp delivers Triada Malware
A modified version of the WhatsApp messaging app for Android has been observed delivering malicious payloads, displaying full-screen ads, and signing device owners up for premium subscriptions without their knowledge.
Kaspersky stated that the Triada Trojan made its way into FMWhatsApp 16.80.0 along with the advertising software development kit (SDK). The company says this is similar to the APKPure incident, where the embedded code was a payload downloader.
Altered versions of Android apps are designed to perform functions other than those intended by the developers. FMWhatsApp is one such app: it lets users customize the app with different themes and icons, hide features such as last seen, and even deactivate video calling.
Triada acts as a software backdoor and malware downloader, installing a Trojan onto compromised devices. The modified app detected by Kaspersky is equipped to gather unique device identifiers and send them to a remote server, which responds with a link to a payload that the Trojan then downloads, decrypts, and launches.
The payload is used to carry out a wide range of malicious actions. These range from downloading additional modules and displaying full-screen ads to subscribing users to premium services and gaining access to WhatsApp accounts. More problematic still, the threat actors can easily hijack the WhatsApp accounts and use them to conduct social engineering attacks or spread spam messages, turning them into a channel for distributing the malware to many other devices.
Researchers pointed out that FMWhatsApp users give the app permission to read their SMS messages, which also gives the Trojan and other malicious modules access to them. They added that this lets the attackers sign the victim up for premium subscriptions, since they can even obtain the confirmation code needed to complete the process.