MOSCOW, 17 Oct — PRIME. Attackers are distributing the Triada Trojan disguised as add-ons (mods) for WhatsApp; the Trojan can download other malware that signs users up for paid subscriptions and steals access to accounts, according to Kaspersky.
Many users find the official version of WhatsApp lacking in features and download mods. These are add-ons that expand the capabilities of the messenger. For example, they allow you to customize backgrounds and fonts for chats, send bulk messages, or protect certain chats with a password.
“The attackers are promoting a mod with features that are not in the official app. But in addition to these features, it hides the Triada Trojan. It can download other malware that, for example, issues paid subscriptions, and even steals access to accounts.” According to the company, more than 3.6 thousand users encountered this threat in August and September 2022.
It is noted that malicious mods are distributed through two legitimate applications – Snaptube and Vidmate. “In Snaptube, a popular Android app, attackers advertise a mod called YoWhatsApp. Most likely, the Snaptube developers did not know that the attackers were using a legitimate ad module built into their solution for their own purposes,” the company noted.
In another app, Vidmate, the malicious mod is distributed under the name WhatsApp Plus. The Vidmate service, like Snaptube, is used to download videos from YouTube, and it also contains an unofficial Android application store.
“After installing and running the mod, the Triada Trojan is also activated on the device. Moreover, after logging into the account, the user may lose access to his account: the malware steals the keys necessary for this,” the company added.