Security News > 2021 > August > Malicious WhatsApp mod infects Android devices with malware

A malicious version of the FMWhatsappWhatsApp mod delivers a Triadatrojan payload, a nasty surprise that infects their devices with additional malware, including the very hard-to-remove xHelper trojan.

FMWhatsApp promises to improve the WhatsApp user experience with added features such as better privacy, custom chat themes, access to other social networks' emoji packs, and app locking using a PIN, password, or the touch ID. However, as Kaspersky researchers found, the FMWhatsapp 16.80.0 version will also drop the Triada trojan on users' devices with the help of an advertising SDK. Trojan harvests device info and installs more malware.

Malware dropped by Triada on FMWhatsApp users' Android devices can easily sign them up to premium subscription given that the app requests access to the victims' text messages when installed.

Among the malware delivered by Triada, xHelper stands out through its uncanny ability to reinfect Android devices hours after being removed or after the infected devices are reset to factory settings.

First observed by Malwarebytes in March 2019, when it began slowly spreading onto over 32,000 Android devices, xHelper eventually infected a total of 45,000 devices until October 2019.

While completely reflashing the Android system on infected devices is the most foolproof method to get rid of xHelper, Malwarebytes came up with a second method which involves installing the company's free Malwarebytes for Android app.

News URL

https://www.bleepingcomputer.com/news/security/malicious-whatsapp-mod-infects-android-devices-with-malware/