On Tuesday, Kaspersky released a report warning of the Triada trojan targeting mobile devices with an advertising SDK. The latest version of the malware was found buried inside an advertising component of a modified version of WhatsApp, a popular messenger, called FM WhatsApp. The malware is very persistent and was first identified in 2016. Triada is a type of mobile supply-chain malware that delivers trojans and other malicious content to victims. Version 16.80.0 of WhatsApp is affected by the advertising campaign.
FM WhatsApp is only available via unofficial third-party app stores and is one of many popular WhatsApp mods that allow users to add functionality to the messaging platform. Kaspersky warned that the latest version of Triada acts as a payload downloader, meaning that it injects up to six additional trojan applications onto Android phones. These additional trojans can perform a number of actions such as initiating full-screen popup ads or commandeering a handset. Kaspersky stated that it does not recommend using unofficial modifications of apps.