A malicious version of a popular WhatsApp mod has been detected spreading the Triada mobile Trojan, cybersecurity researchers have found.
The FMWhatsapp mod adds several useful features to the stock messenger app for things like customization, privacy, and security.
Flagged by Kaspersky, the infected malicious mod downloads other Trojans and can launch ads, issue subscriptions, and intercept a user’s SMSs.
TechRadar needs you!
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
>> Click here to start the survey in a new window <<
“With this app, it is hard for users to recognize the potential threat because the mod application actually does what is proposed – it adds additional features. However, we have observed how cybercriminals have started to spread malicious files through the ad blocks in such apps,” comments Igor Golovin, security expert at Kaspersky.
Stick to official apps
According to Kaspersky, the threat actors have tainted the FMWhatapp line of mods by stuffing the trojan-laced version (v16.90.0 to be exact) in between official releases.
The researchers note that the trojan-infused version first collates details about the device it’s on, and then pulls in other trojans, which exhibit further malicious behavior.
To avoid falling victim to such tainted apps, Golovin suggests that users only download software from the official app stores, while carefully checking the permissions sought by the apps.
“They may lack some additional functions, but they will not install a bunch of malware on your smartphone,” concludes Golovin.