Monday, January 17, 2022

FMWhatsApp spreading dangerous Trojan which clicks ads, reads user’s SMS

Kaspersky has discovered a malicious version of a popular WhatsApp messenger mod (unofficial modification of the app) called FMWhatsapp. This mod spreads the Triada mobile Trojan, which downloads other Trojans and can launch ads, issue subscriptions, and intercept a user’s SMSs. 

Even though WhatsApp is one of the most popular apps for instant mobile messaging, not all users are satisfied with its features. Looking for the most user-friendly version,people can be tempted to install modified versions of WhatsApp, which provide many more options than the official one (such as choosing dynamic templates or the ability to read deleted messages). 

In such apps, creators often publish various ads to monetise their work. On the flip side, there are fraudsters taking advantage of this, often distributing malicious code through advertising. One example of this is FMWhatsapp – the 16.80.0 version – which includes the Triada Trojan and one of the ad libraries.

In the dangerous version of the FMWhatsapp mod, the Triada Trojan acts as a mediator.

What the Trojan on FMWhatsApp can do:

  1. First, it collects data about the user’s mobile device and then,
  2. at the owner’s command, downloads one of the other Trojans to the smartphone.
  3. These Trojans can independently launch ads,
  4. issue paid subscriptions to the device owner and
  5. even log into the WhatsApp account, intercepting the SMS to confirm login – leaving the victim vulnerable to illegal activity through their phone.
FMWhatsApp spreading Trojan which clicks ads, reads user's SMS
Downloaded by Triada, the MobOk Trojan opens a subscription page in an invisible window and clicks the ‘Subscribe’ button for the user

“With this app, it is hard for users to recognise the potential threat because the mod application actually does what is proposed – it adds additional features. However, we have observed how cybercriminals have started to spread malicious files through the ad blocks in such apps. That is why we recommend you only use messenger software downloaded from official app stores. They may lack some additional functions, but they will not install a bunch of malware on your smartphone,” comments Igor Golovin, security expert at Kaspersky.

Kaspersky solutions detected the malicious implant as Trojan.AndroidOS.Triada.ef. 

6,091FansLike
2,878FollowersFollow
16,100SubscribersSubscribe

Leave a Reply

Dickson Otienohttps://tech-ish.com
I love reading emails when bored. I am joking. But do send them to editor@tech-ish.com.

More to read:

Netflix increases prices in US & Canada

Netflix has announced increased subscription fees in the United States and Canada in what appears to now be annual expected change.

Bolt now valued at €7.4 billion after €628 million investment round

Bolt says % it will use the funds to accelerate the expansion of their mobility and delivery products across Eastern African markets.

MARAMOJA opens up API to Fintechs and Insurtechs in Kenya

The company says that Fintechs and Insurtechs now have an opportunity to connect to MARAMOJA's ecosystem via a single API

Blind test: Apple Music vs Spotify Sound Quality Preference

I sat two friends of mine for a blind test of Spotify and Apple Music. I used the same song, the same device, and the same headphones.

FSD Africa invests £3 Million in Kenya’s IMFact Quick Finance Company

FSD Africa Investments (FSDAi), the investing arm of FSD Africa, has announced a £3m investment into IMFact.

Telkom Kenya welcomes CA’s Review of Mobile Termination Rates

Telkom has announced it welcomes the Communication Authority of Kenya's review of the mobile termination rates (MTRs) and fixed termination rates (FTRs) from the previous KES 0.99 to KES 0.12.