Kaspersky has warned of a malicious version of a popular WhatsApp mod that contains trojan malware that can attack mobile devices and their owners.
FMWhatsApp is an unofficial modification of the WhatsApp messaging app.
No ad to show here.
It is available to download from several websites and offers extra features on top of the original app.
“With this app, it is hard for users to recognise the potential threat because the mod application actually does what is proposed – it adds additional features,” Kaspersky Security Expert, Igor Golovin, said in a statement.
“However, we have observed how cybercriminals have started to spread malicious files through the ad blocks in such apps.”
What malware does the WhatsApp mod contain?
In the 16.80.0 version of FMWhatsApp, the mod contains the Triada Trojan in one of its ad libraries.
The trojan malware collects data about the mobile device and its user. After that, it will permit itself and download other Trojan malware to the device.
The malware can launch ads on the device and issue paid subscriptions to its owner.
For example, Triada downloads the MobOK Trojan which opens a subscription page in an invisible window on the app. It will then click the ‘Subscribe’ button without the user’s knowledge.
The malware can also log in to the user’s WhatsApp account by intercepting the verification SMS that confirms the login.
This makes the user vulnerable and can lead to their device being used to send spam.
Golovin recommended that to stay safe, users must download and use messenger software only from official app stores.
“They may lack some additional functions, but they will not install a bunch of malware on your smartphone,” he said.
Featured image: Unsplash/Towfiqu barbhuiya