fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Malicious WhatsApp Mod Infects Android Devices With Malware

Malicious WhatsApp Mod Infects Android Devices With Malware

A malicious version of the FMWhatsappWhatsApp mod delivers a Triadatrojan payload, a nasty surprise that infects their devices with additional malware, including the very hard-to-remove xHelper trojan.

FMWhatsApp promises to improve the WhatsApp user experience with added features such as better privacy, custom chat themes, access to other social networks’ emoji packs, and app locking using a PIN, password, or the touch ID.

However, as Kaspersky researchers found, the FMWhatsapp 16.80.0 version will also drop the Triada trojan on users’ devices with the help of an advertising SDK.

Also Read: Vulnerability Management For Cybersecurity Dummies

“This app was available on some popular WhatsApp mods distributing sites. We cannot share the links to them though,” Kaspersky security expert Igor Golovin told BleepingComputer.

“As for [FMWhatsApp clones] on Google Play — these applications usually only contain various ads and instruct users on how to download and install mods, while not actually containing the malicious mods themselves.”

Trojan harvests device info and installs more malware

Once installed, Triada starts collecting device information and sends it to its command-and-control server, which replies with a link to an additional payload that the trojan will download and launch on the compromised Android device.

According to Kaspersky, Triada will download and launch multiple types of additional malware on the targets devices, including:

  • Trojan-Downloader.AndroidOS.Agent.ic, which downloads and launches other malicious modules.
  • Trojan-Downloader.AndroidOS.Gapac.e, which installs other malicious modules and displays full-screen ads.
  • Trojan-Downloader.AndroidOS.Helper.a installs the xHelper Trojan installer module and runs invisible ads in the background.
  • Trojan.AndroidOS.MobOk.i signs the Android device owner up for paid subscriptions.
  • Trojan.AndroidOS.Subscriber.l also signs up victims up for premium subscriptions.
  • Trojan.AndroidOS.Whatreg.b harvests the info and requests the verification code to sign into the victims’ WhatsApp accounts.

Malware dropped by Triada on FMWhatsApp users’ Android devices can easily sign them up to premium subscription given that the app requests access to the victims’ text messages when installed.

Also Read: The Financial Cost of Ransomware Attack

“With this app, it is hard for users to recognize the potential threat because the mod application actually does what is proposed – it adds additional features,” Golovin said.

“However, we have observed how cybercriminals have started to spread malicious files through the ad blocks in such apps. That is why we recommend you only use messenger software downloaded from official app stores.

“They may lack some additional functions, but they will not install a bunch of malware on your smartphone.”

The unkillable and almost impossible to remove xHelper

Among the malware delivered by Triada, xHelper stands out through its uncanny ability to reinfect Android devices hours after being removed or after the infected devices are reset to factory settings.

First observed by Malwarebytes in March 2019, when it began slowly spreading onto over 32,000 Android devices, xHelper eventually infected a total of 45,000 devices until October 2019.

xHelper uses “web redirects” to trick targets into side-loading malicious APKs from third-party Android app stores, with the installed apps downloading and launching the xHelper trojan.

The trojan survives removal attempts by copying itself on the system partition, which it remounts in write mode. It also replaces the libc.so system library to block full access to the mount and prevent users from employing the same technique to remove it.

While completely reflashing the Android system on infected devices is the most foolproof method to get rid of xHelper, Malwarebytes came up with a second method which involves installing the company’s free Malwarebytes for Android app.

Update: Added Igor Golovin’s statement on FMWhatsApp’s Google Play clones.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us