Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Be very careful about installing a WhatsApp mod on your Android phone — it may contain malware.
Kaspersky reported in a blog post yesterday (Aug. 24) that a certain version of a WhatsApp mod called FMWhatsapp contains malware that itself downloads and installs even worse malware. This includes the notoriously difficult-to-remove xHelper Trojan.
- SteelSeries mice, keyboards hijack Windows 10 — what you can do
- The best WhatsApp alternatives
- Plus: Hundreds of thousands of home Wi-Fi routers attacked — what to do
WhatsApp "mods" are auxiliary Android apps, mostly found outside the Google Play store, that modify how WhatsApp functions. FMWhatsApp, for example, offers to add custom themes, access other apps' emojis and app locking with a PIN, password or fingerprint.
"With this app, it is hard for users to recognize the potential threat because the mod application actually does what is proposed — it adds additional features," said Kaspersky expert Igor Golovin.
How to avoid infection
FMWhatsapp is not in the Google Play Store at all, and only version 16.80.0 is known to be infected, so it should be pretty easy to avoid as long as you don't install apps from third-party app stores. (You have to grant apps special permissions to do so.)
Many of the best Android antivirus apps also catch the rogue version of FMWhatsapp as it's being downloaded, so they will give you added protection from it and other forms of Android malware.
What's going on here
FMWhatsapp 16.80.0 contains the Triada Trojan, a strain of mobile malware that's been around since 2017. In its current form, Triada is a "downloader" whose main purpose is to establish a backdoor through which other malware can be downloaded and installed.
Along with xHelper, Triada in this instance installs several other malware strains that diplay ads, run "hidden" ads to commit ad fraud, secretly sign up the phone user to paid subscriptions, harvest phone information and install even more Android malware.
"FMWhatsapp users grant the app permission to read their SMS messages," Golovin points out on the Kaspersky SecureList blog.
"The Trojan and all the further malicious modules it loads also gain access to them. This allows attackers to automatically sign the victim up for premium subscriptions, even if a confirmation code is required to complete the process."
"We don't recommend using unofficial modifications of apps, especially WhatsApp mods," the Kaspersky report says. "You may well end up with an unwanted paid subscription, or even lose control of your account altogether."
