December 1, 2023

A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge.

The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK).

Modified versions of legitimate WhatsApp Android app FMWhatsApp allows users to customize the app with different themes, personalize icons, and hide features like last seen, and even deactivate video calling features.

The tampered variant of the app comes equipped with capabilities to gather unique device identifiers, which is sent to a remote server that responds back with a link to a payload that’s subsequently downloaded, decrypted, and launched by the Triada trojan.

The payload, can be employed to carry out a wide range of malicious activities ranging from downloading additional modules and displaying full-screen ads to stealthily subscribing the victims to premium services and signing into WhatsApp accounts on the device. This could lead to performing Social Engineering attacks.

Highlighting FMWhatsapp users grant the app permission to read their SMS messages, which means that the Trojan and all the further malicious modules it loads also gain access to them.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023
%d bloggers like this: