Cybersecurity firm Kaspersky recently performed a technical analysis of one such modified version of WhatsApp, called FMWhatsapp, and found that the Triada Trojan had been snuck into the app along with its advertising software development kit.
Kaspersky expert Igor Golovin said this was similar to what happened with the popular alternative app store APKPure, which had its main app compromised by a malicious payload downloader.
Golovin explained that once the FMWhatsapp (version 16.80.0) app was launched, the malware gathered unique device identifiers — such as Device IDs, Subscriber IDs, and MAC addresses — and the name of the app package where they’re deployed.
“The information they collect is sent to a remote server to register the device. It responds by sending a link to a payload which the Trojan downloads, decrypts and launches,” Golovin said.
Kaspersky’s analysis identified several different types of malware downloaded by FMWhatsapp, which were capable of:
- Downloading and launching other malicious modules, including the xHelper Trojan installer module.
- Displaying full-screen ads at unexpected moments.
- Running invisible ads in the background to increase the number of views they get.
- Signing the device owner up for paid subscriptions.
- Signing up victims for premium subscriptions.
- Signing in to WhatsApp accounts on the victim’s phone.
Golovin said the attackers seemed to have done their homework on the protocol WhatsApp uses.
He also highlighted that FMWhatsapp users grant the app permission to read their SMS messages, which means that the Trojan and all the further malicious modules it loads also gain access to them.
“This allows attackers to automatically sign the victim up for premium subscriptions, even if a confirmation code is required to complete the process,” Golovin stated.
Golovin said Kaspersky recommends not using unofficial modifications of apps, especially WhatsApp mods.
“You may well end up with an unwanted paid subscription, or even lose control of your account altogether, which attackers can hijack to use for their own purposes, such as spreading spam sent in your name.”
Many South Africans have previously revealed on Twitter that they were using third-party WhatsApp applications such as GBWhatsApp.
Aside from the serious security risks, you could also have your WhatsApp account banned if WhatsApp detects you are using an unsupported version of the app.