Hackers Use The 'Triada' Malware To Infect A Popular Unofficial WhatsApp App

WhatsApp, Trojan horse

There is no doubt that WhatsApp is the most popular messaging apps on both mobile and desktop.

With more than 2 billion users, the Facebook-owned platform has no competitors that can come close to it. Versatile and easy to use, straightforward and ubiquitous, WhatsApp has delivered an experience unrivaled by others.

Hackers are people with knowledge for computing and networking. They are also known to improvise and adapt to trends. And this time, hackers who know very well that WhatsApp is undisputed, is trying to cause damage by delivering a malware through an unofficial version of WhatsApp.

While WhatsApp provides an official app that people can download, a number of WhatsApp users prefer the "modified" versions of WhatsApp because they bring more features and improve experience.

FM WhatsApp does exactly that.

And hackers are using it to spread the Triada malware.

Ever since WhatsApp becomes the most used applications to communicate worldwide, it is of high interest to cybercriminals since it is easy to steal information through it.

Kaspersky, a cybersecurity company, reported that hackers use the malware Triada, a Trojan, to steal data from users when the FM WhatsApp app is installed.

Because it's a Trojan, Triada appears legitimate, but when installed, not only that it can will infiltrate and collect personal information, as it can also begin subscribing to services without its victims' knowledge.

Triada is both both pernicious and persistent.

Triada is nothing new, as the first instance of its kind was spotted back in 2016.

But this time, hackers are using the mobile supply-chain malware by putting it inside the advertising component of FM WhatsApp.

And if the Trojan alone is not enough, the Triada malware also acts as a payload downloader, injecting up to six additional Trojan applications onto Android phones, including the notorious xHelper.

FM WhatsApp, Triada malware
The Triada Trojan loaded from FM WhatsApp's advertising SDK. (Credit: Kaspersky)

Kaspersky considers Triada as “almost invisible” to users and those trying to find and remove it.

This is because the malware exists mostly inside infected devices' RAM.

The researchers at the company also described it as “one of the most advanced mobile Trojans our malware analysts have ever encountered.”

For these reasons, the cybersecurity company urges Android users to stop downloading unofficial versions of the application, and should stop sideloading the app via its SDK file.

“We don’t recommend using unofficial modifications of apps, especially WhatsApp mods. You may well end up with an unwanted paid subscription, or even lose control of your account altogether, which attackers can hijack to use for their own purposes, such as spreading spam sent in your name,” wrote Kaspersky cybersecurity expert Igor Golovin, in a post.

“With this app, it is hard for users to recognize the potential threat because the mod application actually does what is proposed – it adds additional features,” Kaspersky’s Golovin said.

According to Kaspersky, Mexico has been the country most affected by this malware, with 2,474 cases of people reporting accidentally downloading the virus.

Kaspersky said that version 16.80.0 of FM WhatsApp is affected.