Security News > 2021 > August > Modified Version of WhatsApp for Android Spotted Installing Triada Trojan

"The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit," researchers from Russian cybersecurity firm Kaspersky said in a technical write-up published Tuesday.

Modified versions of legitimate Android apps - a practice called Modding - are designed to perform functions not originally conceived or intended by the app developers.

FMWhatsApp, billed as a custom build of WhatsApp, allows users to refashion the app with different themes, personalize icons, and hide features like last seen, and even deactivate video calling features.

The tampered variant of the app detected by Kaspersky comes equipped with capabilities to gather unique device identifiers, which are sent to a remote server that responds back with a link to a payload that's subsequently downloaded, decrypted, and launched by the Triada trojan.

Even worse, the attackers can hijack and take control of the WhatsApp accounts to carry out social engineering attacks or distribute spam messages, thus propagating the malware to other devices.

"It's worth highlighting that FMWhatsapp users grant the app permission to read their SMS messages, which means that the Trojan and all the further malicious modules it loads also gain access to them," the researchers said.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/wct5SNYEIyY/modified-version-of-whatsapp-for.html