How Does FMWhatsApp Hack Your SmartPhones? What You Should Do To Prevent It?

When users see modified WhatsApp apps offering many more features with attractive colors and animations, some of them are amazed and can’t stop themselves from installing and playing with them. But they don’t know that they are playing with malware, which could damage their privacy and compromise confidential information such as their emails, SMS messages, and saved credentials. One such modified version of WhatsApp, ‘FMWhatsApp’, has been identified as trojanized to intercept text messages, display full-screen ads, serve malicious payloads, and enroll device owners in unwanted premium subscriptions without their knowledge. Let’s explore how FMWhatsApp hacks your smartphone and what you can do to prevent it.

How Does FMWhatsApp Hack Your SmartPhones using Trojan Triada?

  1. When a user downloads FMWhatsApp on his Android device, he also downloads an advertising software development kit (SDK) which brings Trojan Triada to the device.
  2. When the user launches the app, Triada gathers unique device identifiers like Device IDs, Subscriber IDs, MAC addresses, service provider’s name, and location.
  3. The trojan registers the device with a remote server by sending all the captured device details to the remote server.
  4. The remote server responds to the device with a link that can be used to download a payload from the remote server.
  5. Files downloaded by FMWhatsApp on the victim’s device:

     1. Trojan-Downloader.AndroidOS.Agent.ic: It downloads malicious modules.
     2. Trojan-Downloader.AndroidOS.Gapac.e: It not only downloads and launches malicious modules, it also displays full-screen ads to the user.
     3. Trojan-Downloader.AndroidOS.Helper.a: It downloads and launches the xHelper Trojan installer module. It also runs ads in the background.
     4. Trojan.AndroidOS.MobOk.i: It enrolls the device in unwanted paid services.
     5. Trojan.AndroidOS.Subscriber.l: It is also used to sign up the user for premium paid services.
     6. Trojan.AndroidOS.Whatreg.b: This file is used to hijack WhatsApp accounts on the victim’s phone. This malware sends all the gathered information to the remote server and registers the device with the C2 servers.

What Will FMWhatsApp Do on the Victim’s Device?

  1. Download additional malware modules on the device.
  2. Run full-screen ads.
  3. Subscribe the victims to premium services without their knowledge.
  4. Hijack the victims’ WhatsApp accounts on the device to carry out social engineering attacks and distribute spam messages.
  5. Read text messages on the device.
  6. Exfiltrate unique device identifiers like Device IDs, Subscriber IDs, MAC addresses, service provider’s name, and location.
  7. Spread malware to other devices.

How to Protect Your Device from Being Hacked by FMWhatsApp?

  1. Never download and install apps from untrusted third-party websites. Install the apps only from official stores.
  2. Don’t load your phone with multiple similar apps. Don’t install more than two messenger apps.
  3. Verify what permissions you’ve granted to installed apps and revoke the permissions if not required.
  4. Install premium antimalware programs on your smartphone and always keep its database up to date.
  5. Don’t connect your smartphone to a public, open, or unknown WiFi network.
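
Points 1 and 3 above can be checked from a computer with adb. The sketch below is an added example, not part of the original post: it parses constructed samples of `adb shell pm list packages -3 -i` and `adb shell dumpsys package` output and lists apps that were not installed by Google Play, together with any granted permissions matching the behaviour described earlier (SMS, device identifiers, location). The package names `com.example.modmessenger` and `org.example.notes` and the trusted-installer list are assumptions.

```python
import re

# Permissions matching the behaviour described above (SMS, identifiers, location).
RISKY = {"android.permission." + name for name in (
    "READ_SMS", "RECEIVE_SMS", "READ_PHONE_STATE",
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION")}
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

# Constructed sample of `adb shell pm list packages -3 -i` output.
SAMPLE_PACKAGES = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.modmessenger  installer=null
package:org.example.notes  installer=com.google.android.packageinstaller
"""

# Constructed excerpts of `adb shell dumpsys package <name>` per package.
SAMPLE_DUMPSYS = {
    "com.whatsapp": "      android.permission.READ_SMS: granted=false\n",
    "com.example.modmessenger": (
        "      android.permission.INTERNET: granted=true\n"
        "      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]\n"
        "      android.permission.READ_PHONE_STATE: granted=true\n"
        "      android.permission.ACCESS_FINE_LOCATION: granted=false\n"
    ),
    "org.example.notes": "      android.permission.INTERNET: granted=true\n",
}

def parse_installers(text):
    """Map package name -> installer package (None when no installer is recorded)."""
    found = re.findall(r"^package:(\S+)\s+installer=(\S+)$", text, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in found}

def granted_permissions(dumpsys_text):
    """Return the set of permissions reported as granted=true."""
    return set(re.findall(r"^\s*([\w.]+): granted=true", dumpsys_text, re.M))

def audit(packages_text, dumpsys_by_pkg):
    """List (package, installer, risky granted permissions) for non-store apps."""
    findings = []
    for pkg, installer in sorted(parse_installers(packages_text).items()):
        if installer not in TRUSTED_INSTALLERS:
            granted = granted_permissions(dumpsys_by_pkg.get(pkg, ""))
            findings.append((pkg, installer, sorted(granted & RISKY)))
    return findings

if __name__ == "__main__":
    for pkg, installer, risky in audit(SAMPLE_PACKAGES, SAMPLE_DUMPSYS):
        print(f"{pkg}: installer={installer or 'none (sideloaded)'} risky={risky or '-'}")
```

An app with no recorded installer that also holds SMS or phone-state permissions is the first candidate for removal or permission revocation.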

How Can You Protect Your WhatsApp Account?

  1. Report to WhatsApp support: If you start getting multiple verification messages in a short amount of time, please report it to WhatsApp support. Don’t react to those messages. This is a clear indicator that someone is attempting to register using your phone number.
  2. Enable two-step verification: Enabling two-step verification is one of the best ways to protect your account. The six-digit PIN and email address are the key factors for securing your account. Using your email address to set up two-step verification helps the WhatsApp support team to identify that it was you.
  3. Set a lock on WhatsApp: When you set up a six-digit PIN, WhatsApp will ask you to enter the PIN when someone tries to set up your account on another device. This will work as a shield against the attack.
  4. Export chats and delete: It is always good to export your chat data to your email or cloud storage and protect it with a password, as the default export option will not be encrypted. Then delete the complete chat history.
  5. Move the backups to external storage: This option is only for Android users. Android users can export the backup to external storage and delete the backup. This would protect your data from being accessed by the attacker.
  6. Install WhatsApp updates: Always upgrade your WhatsApp app without fail whenever there is a new version available. This ensures that many bugs and vulnerabilities that existed in old versions get fixed.

Trojan Triada IOC:



Thanks for reading the post. Please share this with all others and create awareness about cybersecurity.

Originally published at on August 26, 2021.

We are here to create awareness about cyber security.