Cybersecurity Kaspersky has raised an alert about an extremely popular WhatsApp modified version that is spreading a Trojan called Triada, which downloads malicious malware on users’ mobile phones.
According to the research, Triada downloads other Trojans and can launch ads, issue subscriptions, and intercept your SMS messages.
Here’s the full list of malware FMWhatsApp downloads:
1. Trojan-Downloader.AndroidOS.Agent.ic, a Trojan that downloads and runs other malicious modules;
2. Trojan-Downloader.AndroidOS.Gapac.e, which downloads and runs other malicious modules and can also display full-screen ads at unexpected moments;
3. Trojan-Downloader.AndroidOS.Helper.a, which downloads and runs the installer module of the xHelper Trojan and runs invisible ads in the background;
4. Trojan.AndroidOS.MobOk.i, a Trojan that signs up for paid subscriptions;
5. Trojan.AndroidOS.Subscriber.l, another Trojan that signs up for paid subscriptions;
6. Trojan.AndroidOS.Whatreg.b, signs in to the WhatsApp account on the victim’s phone, intercepting the login confirmation text. The device can then become a site for various types of illegal activity like illegal trading.
“With this app, it is hard for users to recognize the potential threat because the mod application actually does what is proposed – it adds additional features. However, we have observed how cybercriminals have started to spread malicious files through the ad blocks in such apps. That is why we recommend you only use messenger software downloaded from official app stores. They may lack some additional functions, but they will not install a bunch of malware on your smartphone,” comments Igor Golovin, a security expert at Kaspersky.
Users have been warned to delete the app immediately if they have it installed on their phones.
