This Tuesday (24), Kaspersky revealed a dangerous threat in one of the most popular modifications (mod) of WhatsApp. The problem is a trojan, known as Triada, present in the modified FMWhatsApp application and capable of infecting Android devices with various other malware.
While FMWhatsApp looks harmless with its additions such as supposedly increased privacy, colorful themes and emoji packs, the “price” for the features can be expensive. Oftentimes, modifications to apps like WhatsApp are offered for free or with built-in advertisements in order to generate revenue for their developers.
However, apps can get infected in their delivery process, which takes place outside of Google Play. In this way, infected installation packages (APKs) become increasingly difficult to track and more likely to mislead users.
In the case of FMWhatsApp, this issue has been identified in its 16.80.0 version, which houses an efficient and dangerous trojan. Once installed, Triada searches for sensitive user data, sends it to its “command center” and obtains an appropriate course of action for the device.
As per the response, the virus installs other malware responsible for suddenly displaying advertisements across the screen or in the background; can clone WhatsApp via security verification codes and even enroll users in subscriptions without their authorization.
Among the malware installed by Triada through FMWhatsApp, the persistent xHelper stands out. When installed, the software tries to replicate itself in web browsers, forcing other malicious and unwanted applications to download.
If it suffers an uninstall attempt, xHelper copies its files to the Android system partition, making it almost “immune” to the user’s efforts — leaving little solution beyond a complete phone restore. The malware was discovered in March 2019 and even infected more than 45,000 devices a few months later.
For these reasons, Kaspersky recommends using official applications