How Does FMWhatsApp Hack Your SmartPhones? What You Should Do To Prevent It?

How Does FMWhatsApp Hack Your SmartPhones using Trojan Triada?

  1. When a user downloads FMWhatsApp on his Android device, he also downloads an advertising software development kit (SDK) which brings Trojan Triada to the device.
  2. When the user launches the app, Triada gathers unique device identifiers like Device IDs, Subscriber IDs, MAC addresses, service provider’s name, and location.
  3. The trojan registers the device with a remote server by sending all the captured device details to the remote server.
  4. The remote server responds to the device with a link that can be used to download a payload from the remote server.
  5. Files downloaded by the FMWhatsApp on the Victim’s device:

What Will FMWhatsApp Do on the Victim’s Device?

  1. Download additional malware modules on the device.
  2. Run full-screen ads.
  3. Subscribe the victims to premium services without their knowledge.
  4. Hijack the victims’ WhatsApp accounts on the device to carry out social engineering attacks and distribute spam messages.
  5. Read text messages on the device.
  6. Exfiltrate unique device identifiers like Device IDs, Subscriber IDs, MAC addresses, service provider’s name, and location.
  7. Spread malware to other devices.

How to Protect Your Device from Being Hacked by FMWhatsApp?

  1. Never download and install apps from untrusted third-party websites. Install the apps only from official stores.
  2. Don’t load your phone with multiple similar apps. Don’t install more than two messenger apps.
  3. Verify what permissions you’ve granted to installed apps and revoke the permissions if not required.
  4. Install premium antimalware programs on your smartphone and always keep its database up to date.
  5. Don’t connect your smartphone to a public, open, or unknown WiFi network.
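Items 1 and 3 can be checked together on a device you manage. The following is an added example, not part of the original article: it scans text saved from `adb shell dumpsys package` and reports apps that were not installed by an official store yet hold the SMS, phone-state or location permissions that match the behaviour described above. It assumes the `installerPackageName=` and `granted=` field layout, which varies between Android versions; the package names in the sample are constructed.

```python
import re

# Installers treated as official stores (assumption; extend as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play
# Permissions tied to the behaviour above: SMS, device identifiers, location.
SENSITIVE = {"android.permission." + p for p in (
    "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_PHONE_STATE", "ACCESS_FINE_LOCATION")}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
INSTALLER_RE = re.compile(r"^\s*installerPackageName=(\S+)")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

def audit(dumpsys_text):
    """Map each non-store package to its granted sensitive permissions."""
    packages, current = {}, None
    for line in dumpsys_text.splitlines():
        if m := PKG_RE.match(line):
            current = packages.setdefault(m.group(1), {"installer": None, "perms": set()})
        elif current is None:
            continue  # header lines before the first package entry
        elif m := INSTALLER_RE.match(line):
            current["installer"] = m.group(1)
        elif (m := PERM_RE.match(line)) and m.group(2) == "true":
            current["perms"].add(m.group(1))
    return {
        name: sorted(info["perms"] & SENSITIVE)
        for name, info in packages.items()
        if info["installer"] not in TRUSTED_INSTALLERS and info["perms"] & SENSITIVE
    }

# Constructed sample, simplified from `adb shell dumpsys package` output.
SAMPLE = """\
Packages:
  Package [com.example.officialchat] (1a2b3c):
    installerPackageName=com.android.vending
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.modchat] (4d5e6f):
    installerPackageName=null
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_PHONE_STATE: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    for pkg, perms in audit(SAMPLE).items():
        print(pkg, perms)
```

A package that appears in the result is a candidate for permission revocation or removal, not proof of infection.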

How Can You Protect Your WhatsApp Account?

  1. Report to WhatsApp support: If you start getting multiple verification messages in a short amount of time, report it to WhatsApp support. Don’t react to those messages. This is a clear indicator that someone is attempting to register using your phone number.
  2. Enable two-step verification: Enabling two-step verification is one of the best ways to protect your account. The six-digit PIN and email address are the key factors for securing your account. Using your email address to set up two-step verification helps the WhatsApp support team to identify that it was you.
  3. Set a lock on WhatsApp: When you set up a six-digit PIN, WhatsApp will ask for the PIN when someone tries to set up your account on another device. This works as a shield against the attack.
  4. Export chats and delete: It is always good to export your chat data to your email or cloud storage and protect it with a password, as the default export is not encrypted. Then delete the complete chat history.
  5. Move the backups to external storage: This option is only for Android users. Android users can export the backup to external storage and delete the backup. This would protect your data from being accessed by the attacker.
  6. Install WhatsApp updates: Always upgrade your WhatsApp app whenever a new version is available. This ensures that many bugs and vulnerabilities that existed in old versions are fixed.

Trojan Triada IOC:

MD5

C&C


We are here to create awareness about cyber security.

Thesecmasterblog
