Researchers uncovered a new modified version of WhatsApp called “FMWhatsapp” that comes with an advertising software development kit and drops the Triada Trojan to spy on devices and steal SMS data.
WhatsApp users are always curious about new features, since the original version lacks some expected ones, such as animated themes, self-destructing messages that automatically delete themselves, the ability to view messages that have been deleted by the sender, and so on.
This is a huge advantage for threat actors, who release modified versions of WhatsApp with some extra features, along with ads that are displayed to victims via different banners.
The uncovered modified version, “FMWhatsapp”, comes with malicious code embedded within the app, and that code is employed as a payload downloader.
According to experts from Kaspersky, the modified version asks victims to grant the app permission to read their SMS messages, and the other malicious modules it loads also gain access to them.
Once the victim downloads and launches the app, the malware starts gathering device information such as MAC addresses, subscriber IDs, and device IDs, sends the details to the remote server, and registers the device.
Diving deeper into the app, researchers uncovered that FMWhatsapp drops the following types of malware:
The most important activities performed by FMWhatsApp are reading victims' SMS messages and automatically signing them up for premium subscriptions.
C&C
http://t1k22.c8xwor[.]com:13002/
https://dgmxn.c8xwor[.]com:13001/
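One way to hunt for the C&C indicators listed above in web-proxy logs, as an added example that is not from Kaspersky or the original article. The log format, client addresses, timestamps and the decision to treat the whole parent domain as suspicious are assumptions; the sample log is constructed and kept defanged.

```python
from urllib.parse import urlsplit

# C&C indicators exactly as listed on this page (defanged).
PAGE_IOCS = ["http://t1k22.c8xwor[.]com:13002/",
             "https://dgmxn.c8xwor[.]com:13001/"]

# Constructed proxy log, "<time> <client> <method> <url>", hosts defanged for print.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.12 POST http://t1k22.c8xwor[.]com:13002/
2024-01-01T10:00:05Z 10.0.0.12 GET https://dgmxn.c8xwor[.]com:13001/
2024-01-01T10:01:00Z 10.0.0.40 GET http://new1.C8XWOR[.]com/
2024-01-01T10:02:00Z 10.0.0.41 GET https://c8xwor[.]com.example.org/
2024-01-01T10:03:00Z 10.0.0.42 GET https://notc8xwor[.]com/
"""

def refang(text):
    """Undo the '[.]' defanging so the URL can be parsed."""
    return text.replace("[.]", ".")

def build_watchlist(iocs):
    """Return ({(host, port)}, {parent domain}) derived from the IoC URLs."""
    endpoints, parents = set(), set()
    for ioc in iocs:
        parts = urlsplit(refang(ioc))
        host = parts.hostname.lower()
        endpoints.add((host, parts.port))
        # Assumption: the whole parent domain is attacker-controlled, because
        # both listed hosts sit under it. Last-two-labels is only right for
        # simple TLDs such as .com.
        parents.add(".".join(host.split(".")[-2:]))
    return endpoints, parents

def classify(url, endpoints, parents):
    """Label a requested URL 'exact', 'domain' or 'clean'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    if (host, port) in endpoints:
        return "exact"
    # Match on a label boundary so look-alike hosts are not flagged.
    if any(host == p or host.endswith("." + p) for p in parents):
        return "domain"
    return "clean"

def scan(log_text):
    """Return (client, verdict) for every request that is not clean."""
    endpoints, parents = build_watchlist(PAGE_IOCS)
    hits = []
    for line in log_text.splitlines():
        _time, client, _method, url = line.split(maxsplit=3)
        verdict = classify(refang(url), endpoints, parents)
        if verdict != "clean":
            hits.append((client, verdict))
    return hits
```

An "exact" verdict means the host and port both match a listed endpoint; "domain" flags other hosts or ports under the same parent domain for review.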