Care should be taken when installing WhatsApp mods on Android devices, as they may contain malware.

Kaspersky reported yesterday (August 24) on its blog that a certain version of WhatsApp mod called FMWhatsapp contains malware. The malware includes the notoriously difficult-to-remove Trojan xHelper.

WhatsApp "mods" are auxiliary Android applications that modify the functionality of WhatsApp. For example, FMWhatsApp provides the ability to add custom themes, access other apps' emoji, and lock apps with PINs, passwords, and fingerprints. [Kaspersky expert Igor Golovin said, "The app actually does what it proposes, making it difficult for users to notice potential threats.

FMWhatsapp does not exist in the Google Play Store at all, and only version 16.80.0 is known to be infected. (Therefore, it is very easy to circumvent unless you install the app from a third-party app store (for that, you need to give the app special permissions)

Many good Android antivirus apps also catch the rogue version of FMWhatsapp during downloading, thus providing better protection against FMWhatsapp and other Android malware.

FMWhatsapp 16.80.0 contains the Triada Trojan, a type of mobile malware that has been around since 2017. In its current form, Triada is a "downloader" whose main purpose is to establish a backdoor through which other malware can be downloaded and installed.

Triada, along with xHelper, displays ads, runs "hidden" ads to commit ad fraud, secretly enrolls phone users in paid subscriptions, harvests phone information, and installs other Android malware that can be Install.

"FMWhatsapp users give the app permission to read SMS messages," Golovin noted on the Kaspersky SecureList blog.

"This Trojan and any other malicious modules that the Trojan reads will also have access to the SMS messages. This allows the attacker to automatically subscribe the victim to a premium subscription, even if a confirmation code is required to complete the process.

"We do not recommend using unofficial modifications of apps, especially WhatsApp modifications," the Kaspersky report states. Kaspersky's report states, "In particular, we do not recommend the use of WhatsApp modifications."