Kaspersky Lab experts reported the detected Trojan in the popular FMWhatsapp add-on of the WhatsApp messenger.
According to cybersecurity experts, FMWhatsapp16.80.0 contains a Trojan called Triada that can download and run other malicious modules, display ads, and purchase paid subscriptions.
WhatsApp users often resort to third-party add-ons that extend the functionality of the messenger and allow, for example, to select dynamic templates or read deleted messages. However, such add-ons may contain advertisements, which usually manifest themselves in the form of various banners in the application. In this case, the attackers used it as a loophole, giving the mod developers malware under the guise of ad modules.
Igor Golovin, the security expert at Kaspersky Lab, explained:
The mod in question looks harmless for users, because it really does what it says - it provides additional functions. But not only adware modules were embedded in it, but also a Trojan program. This is why we recommend that you only install apps from official stores. Their functionality may be less extensive, but they will not bring a lot of malicious files with them to the device. "
In total, in 2021, Kaspersky Lab solutions recorded more than 33 thousand attacks related to WhatsApp, including under the guise of the messenger itself or mods or updates for it.