Wednesday 8 September 2021, Poradnik bezpieczeństwa

Fake WhatsApp version. Triada Trojan


A fake version of WhatsApp – one of the most popular messenger apps – has been found on the web.
According to Kaspersky experts, the installation of the fake version of WhatsApp messenger on Android leads to device being infected with the Triada Trojan.

The application is listed under the name FMWhatsApp, after its installation, identifiers are collected from the device, which are then sent to a remote server, after which the Triada Trojan is installed.
The Trojan is able to subscribe the victim to premium services or install addition modules that allow the injection of additional malicious code.

According to Kaspersy, Triada has advanced stealth capabilities. Once inside the user’s device, the Trojan adds itself to almost every worker process and resides in ram, therefore it is almost impossible to detect and remove using antivirus solutions.

Please note that during the installation of FMWhatsApp, the victim is asked for permissions to access SMS messages. On the other hand, Triada Trojan can modify SMS messages sent by other applications, for example, when the user makes purchases via SMS inside Android games, fraudsters can modify outgoing messages so that the money goes to them instead of the game developers.

Remember to install applications only from trusted sources.