Posted on August 25, 2021 at 4:54 PM
Researchers from cybersecurity firm Kaspersky said they found that a modified version of the WhatsApp messaging app for Android has been infected by a Trojan. According to the researchers, the Trojan is used to sign up the devices for unwanted premium subscriptions, display full-screen ads, serve malicious payloads, and intercept text messages.
The Trojan, called Triada, affected the messenger app known as FMWhatsApp, which is downloadable through third-party app stores.
The malware can be delivered to devices through an advertising software development kit (SDK) used for monetizing the third-party FMWhatsApp Android mobile app.
The researchers have warned that the Triada Trojan works like a payload downloader and injects about six additional Trojan apps onto Android phones. Kaspersky noted that the Trojans can carry out several malicious actions, including full-screen popup ads and commandeering a handset silently. The researchers considered the campaigns the WhatsApp Virus.
Private messages also impacted
The app generally collects customized device identifiers and sends them to the remote server, which responds with a link to a payload. The Triada Trojan then decrypts and delivers that payload, which is equipped to execute several malicious activities.
Kaspersky added that the targets could be in more danger as the threat actor could take control of the WhatsApp accounts. When in control, they are at liberty to distribute spam messages or carry out social engineering attacks. As a result, they can transfer the malware to other devices.
And on a more serious note, the attacker can carry out its operations in the user’s name.
The researchers also pointed out that the threat actors can gain access to the users’ WhatsApp accounts. Since FMWhatsApp users grant the app permission to read messages, the malware can have such access too.
Users should only download apps from trusted platforms
The researchers have also explained that hackers can plant malicious files via ad blocks in unverified apps. As a result, it’s recommended that users only utilize apps that are available on official app stores. Otherwise, the devices will face frequent security threats.
“We don’t recommend using unofficial modifications of apps, especially WhatsApp mods,” the researchers warned.
Generally, third-party apps from platforms other than the app’s manufacturers always pose a great number of risks when they are downloaded. While normal apps also have their challenges, third-party apps are usually more prone to malware infections because they are not properly verified.
Kaspersky has warned users to exercise caution before allowing apps to have access to their accounts. The security team noted that users should understand the type of request from the app and how it uses the data it accesses.
But as threat actors are changing their attack tactics constantly, there could be modifications that may make it difficult for the users to identify the threats. Ultimately, the researchers have advised users to download only recognized apps that are available on major app stores.
Triada increasingly becoming more powerful
Triada is extremely difficult to detect because it uses root privileges to substitute system files. In most cases, it is stationed in the RAM of the device. When a user downloads and installs the Trojan, it manages to get information about the host device, including the amount of SD card space, the OS version of the device, and its model.
Another way to protect devices, according to Kaspersky, is to ensure that the devices are regularly updated with the latest patch. Trojans are powerful, but their penetration strength is usually limited on newer Android versions. Users should install strong anti-virus solutions because they will help a great deal to detect dangerous Triada modules.
Also, users are advised to be proactive and stay smart on the internet. In most cases, the malware looks for loopholes to exploit whenever it launches an attack. If the systems or devices are highly protected, it will have limited room to carry out its exploits and little information to return to the hacker’s server.
The researchers said the Triada malware was first spotted in 2016, but it has undergone some changes since then. The Trojan is now more difficult to detect and has increased its operational capacity.