"Hackers Exploit WhatsApp Modification Tool to Snoop on Texts, Force Paid Subscriptions"
According to researchers at Kaspersky, hackers have inserted the Triada trojan into a modified version of FMWhatsapp, a WhatsApp mod. Such mods have a following among users who want to customize WhatsApp, such as being able to send larger files or apply custom animated themes. The Triada trojan can launch advertisements, issue paid subscriptions, and intercept text messages. FMWhatsapp isn't available on the Google Play store and is only available via third-party websites, which means users who desire the extra features the mod offers don't get the security protections inherent in more officially-vetted apps. Kaspersky first spotted Triada in 2016, when the company deemed the hacking tool "one of the most advanced mobile Trojans our malware analysts have ever encountered." The researchers stated that the users grant FMWhatsapp permission to read SMS messages, simultaneously granting the trojan access to text messages. The researchers noted that with this app, it is hard for users to recognize the potential threat because the mod application actually does what is proposed, it adds additional features. However, the researchers have observed how cybercriminals have started to spread malicious files through the ad blocks in such apps. The researchers stated that the case of FMWhatsapp and Triada is a lesson about how, in a drive to give users "improved" versions of a software, modders can introduce security holes. Foud Apps, the reported developer of FMWhatsapp, didn't respond to a message seeking comment about Kaspersky's research. Nor did Facebook, owner of WhatsApp. Among the malware that FMWhatsapp downloads is XHelper, a sticky kind of Android malware that's difficult to remove.