Kaspersky’s cybersecurity research teams published a report relayed on Tuesday by Phonandroid. The document claims that FMWhatsApp, an alternative version of the WhatsApp messaging app, contains malicious software named Triada.
“We discovered that the Trojan Triada infiltrated one of these modified versions of messaging called FMWhatsapp 16.80.0 with the adware development kit (SDK),” Kaspersky explained in its report. This alternate version of WhatsApp can be found on alternative app stores for Android phones, such as the APKMirror APK store.
— Kaspersky France (@kasperskyfrance) August 27, 2021
Paid subscriptions taken out without your knowledge
Once the application is installed, this “Trojan horse” infects the smartphone and gives hackers access to a lot of sensitive data. “The malware collects unique device identifiers (device ID, subscriber ID, MAC address) […] and the information they collect is sent to a remote server, ”Kaspersky explained.
Besides, it is also possible to extort money from people whose phones are infected with malware by forcing them into paid subscriptions. Thanks to Triada, hackers have full access to users’ SMS and can therefore validate the bank confirmation code for them. The Trojan Triada thus works on the same principle as Joker, a malware which was found hidden in eight applications of the Play Store last June.
“We do not recommend using unofficial modifications to applications, in particular WhatsApp mods,” Kaspersky specialists wrote in their report. Users who have downloaded this version of the application are invited to uninstall it and clean their phone.