Kaspersky detects trojans on WhatsApp that can steal credentials

Dov Herman

Cybersecurity and digital privacy company Kaspersky has announced that it has identified a malicious WhatsApp Messenger mod in circulation, known as FMWhatsApp. According to the company, the application contains a trojan called Triada that can display advertisements, make unsolicited subscriptions and intercept victims' SMS messages. In this way, the trojan is able to steal platform access credentials and even allow SIM hijacking. According to the company, the detections were recorded between January 2020 and August 2022. Mexico and Brazil are the Latin American countries where the trojan is most active, with 2,474 and 2,327 blocks, respectively, in the period. In the global ranking, the two countries occupy the 6th and 7th positions, respectively. Furthermore, the threat is still present in Venezuela (690), Colombia (636), Peru (362), Argentina (311), Ecuador (226) and Chile (160).

Data theft

As Kaspersky explained, the malware acts as an “intermediary”. That is, it first collects data from the victim and then, at the criminal’s command, downloads other malware onto the device. These additional malicious modules display unwanted advertisements, log into the WhatsApp account, take out subscriptions in the victim’s name and intercept SMS messages, leaving the victim exposed to illegal activities. Through this myriad of malicious applications, infected users may have their credentials for cryptocurrency or wallet companies compromised.

The malicious version of FMWhatsApp downloads malware such as:

- Trojan-Downloader.AndroidOS.Agent.ic: downloads and executes other malicious modules;
- Trojan-Downloader.AndroidOS.Gapac.e: downloads and runs other malicious modules and may display full-screen advertisements at unexpected times;
- Trojan-Downloader.AndroidOS.Helper.a: downloads and runs the xHelper trojan and displays invisible ads in the background;
- Trojan.AndroidOS.MobOk.ie and Trojan.AndroidOS.Subscriber.l: perform unsolicited paid subscriptions;
- Trojan.AndroidOS.Whatreg.b: the most complex on the list. It logs into the victim’s WhatsApp account, intercepting the login confirmation text. The device can then become a base for various types of illegal activities, such as distributing spam or illegal commerce.

“Some people look to these modified versions of the app to enable features that don’t exist in the official version. The way the attack is carried out, the victim will hardly recognize the blow. After all, the mod really does have additional functions,” said Fabio Assolini, senior security analyst at Kaspersky.

How to protect yourself

To be on the safe side, Kaspersky experts also recommend:

- Avoid installing applications from unofficial sources, and use your device settings to deny excessive permissions requested during installation;
- Check what permissions you have given to installed apps, because some can pose a real threat;
- Install a reliable mobile antivirus app on your phone and pay attention to its warnings.
