Security News > 2021 > August > Malicious WhatsApp mod infects Android devices with malware

A malicious version of the FMWhatsappWhatsApp mod delivers a Triadatrojan payload, a nasty surprise that infects their devices with additional malware, including the very hard-to-remove xHelper trojan.
FMWhatsApp promises to improve the WhatsApp user experience with added features such as better privacy, custom chat themes, access to other social networks' emoji packs, and app locking using a PIN, password, or the touch ID. However, as Kaspersky researchers found, the FMWhatsapp 16.80.0 version will also drop the Triada trojan on users' devices with the help of an advertising SDK. Trojan harvests device info and installs more malware.
Malware dropped by Triada on FMWhatsApp users' Android devices can easily sign them up to premium subscription given that the app requests access to the victims' text messages when installed.
Among the malware delivered by Triada, xHelper stands out through its uncanny ability to reinfect Android devices hours after being removed or after the infected devices are reset to factory settings.
First observed by Malwarebytes in March 2019, when it began slowly spreading onto over 32,000 Android devices, xHelper eventually infected a total of 45,000 devices until October 2019.
While completely reflashing the Android system on infected devices is the most foolproof method to get rid of xHelper, Malwarebytes came up with a second method which involves installing the company's free Malwarebytes for Android app.
News URL
Related news
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- New Crocodilus malware steals Android users’ crypto wallet keys (source)
- Counterfeit Android devices found preloaded With Triada malware (source)
- Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (source)