Custom WhatsApp Build Delivers Triada Malware

[silversurfer]

Triada malware, both pernicious and persistent, has resurfaced. Its most recent sighting is buried inside an advertising component of a modified version of the popular WhatsApp messenger called FM WhatsApp.
 
The malware, first spotted by researchers at Kaspersky in 2016, is a type of mobile supply-chain malware that today delivers a bevy of additional unwanted trojans to hapless victims. The latest version of Triada slips onto phones via an advertising software development kit (SDK) used to monetize the third-party FM WhatsApp Android mobile app.
 
Version 16.80.0 of FM WhatsApp is affected. The app, only available via unofficial third-party app stores, is one of many popular WhatsApp mods that allow users to add functionality to Facebook’s WhatsApp messenger.
 
In a Tuesday report by Kaspersky, researchers warn that this latest version of Triada acts as a payload downloader, injecting up to six additional trojan applications onto Android phones that can do a number of malicious actions – from commandeering a handset silently to full-screen popup ads.
 
“We don’t recommend using unofficial modifications of apps, especially WhatsApp mods. You may well end up with an unwanted paid subscription, or even lose control of your account altogether, which attackers can hijack to use for their own purposes, such as spreading spam sent in your name,” wrote Kaspersky cybersecurity expert Igor Golovin on Tuesday.

The developer of FM WhatsApp –  Foud Apps – did not return requests for comment. It’s unclear how popular the app is among WhatsApp users; however, a cursory review of top third-party WhatsApp mods does not list FM WhatsApp.

Read more: Custom WhatsApp Build Delivers Triada Malware | Threatpost