Date: 2022-01-14

I know the WhatsApp situation sucks. The official application is adequate, rocking a pleasing design with a beautiful dark mode. However, the fact remains that the official app is often slow to add exciting features – for example, to this day the disappearing messages feature is severely limited.

I do not know why the WhatsApp guys often intentionally cripple their app. One of the popular features on WhatsApp mods like GB WhatsApp is the ability to hide one’s ‘last seen’ whilst being able to see other people’s. Same thing with read receipts (the blue ticks) and other privacy settings.

The official app believes in a ‘show me yours and I’ll show you mine’ philosophy. If you don’t want people to see yours, then you can’t see theirs. WHY? They just arbitrarily decided that that’s how it should be. If a contact of mine doesn’t mind me seeing that info, what does that have to do with what I prefer for my own account? No one asked for this kind of parity.

Okay, rant over. My point is that I understand why people love these WhatsApp mods. They don’t demand people give up their anonymity to participate. Some of us use WhatsApp for work and so would like for family and friends to not see us ‘online’ when we know we can’t chat. With some of these mods, you can make it so certain contacts do not see your ‘online’ status whilst some, work related in the example, can.

How many times have friends seen you online and concluded you were ignoring them when you were actually busy with work stuff? WhatsApp mods can help with this but they are just too risky for my liking. I haven’t used one in over 8 years and probably never will again.

FM WhatsApp mod had nasty malware

Some security researchers found that there was a trojan in a version of FM WhatsApp. It is called a trojan because it hides its real intent and yet can take control of a computer/phone.

They suspect that the FM WhatsApp developers did not put this trojan in on purpose. Rather, the malicious code was in the advertising software development kit they used to be able to display ads in their app.

The Trojan Triada they found is one nasty bastard of malware. When you launch your FM WhatsApp, the trojan springs into action and collects and sends your device details to a remote server. The server then sends a link where the trojan downloads a number of different types of malware.

These bits of malware are wicked:

Some of them download and launch even more malware, including more trojans

Some display full-screen ads.

Some display ads in the background

Some sign the phone/tablet up for paid subscriptions. This is done via an invisible window. Since this usually results in a text message being sent to the device for confirmation, the malware intercepts the message. Remember you have to give FM WhatsApp permission to read messages and that’s how the trojan gets permission.

Some sign in to other WhatsApp accounts on your phone and who knows what they use those accounts for.

Some use your phone to send spam to other people.

All this is done in the background, except for the ads displayed in the foreground, and even the intercepted message is deleted so you never see it.

The version of FM WhatsApp that had this nasty trojan was 16.80.0. You might be using one that’s not infected but can you know with 100% certainty that there are no ads being displayed in the background? You can’t know this if you are using a modded WhatsApp version.

I met someone whose phone was displaying full screen ads that were not easy to dismiss. Who knows how many more were being displayed in the background. The phone had slowed down significantly and would heat up even when the user was just chatting in FM WhatsApp. What do you know, she was using the infected version.

That’s the risk we take with these modded WhatsApp versions.

What to do

If you suspect your phone could be infected, uninstall the modded WhatsApp program you have, be it FM or GB or WhatsApp+. Even if you don’t have any suspicions, I think it’s about time you went legit. So uninstall then run an antivirus program to see if there’s any more nasty stuff in the background.

If not for the risk of malware, do it to avoid having your account blocked. WhatsApp does block accounts for using these modded versions. I know, you can always buy another line and start all over again. But why would you put yourself through all that? I still have 9-year-old chats on my phone and you could enjoy that too.

Then the other habit you should cultivate is that of updating your apps. Sometimes apps may have vulnerabilities, not viruses or trojans, but just weaknesses that hackers can exploit. The vendors of these apps constantly release fixes for some of those vulnerabilities.

If your phone does support the Google Play Store, try to get all your apps there. I know the data prices in Zimbabwe are prohibitive and most end up getting installable apk files from friends via ShareIt. Still try to see which version they are running before installing. Same goes if you get your WhatsApp installed by the ‘guys in town.’ A little caution keeps the hackers at bay.

You’re probably safe – for now, but…

I’m not saying your GB WhatsApp is infected. I am also not saying it’s not infected. I’m saying we just don’t know with these sideloaded apps.

If you’re running FM WhatsApp, check to see that the version is not 16.80.0. This infected version is over 5 months old now and shouldn’t be working anymore. But I know some still adjust the date of their phones to avoid updating apps so I’m sure there is a number still using this version.

I leave you with the permissions you grant to your WhatsApp MOD, and therefore potentially to your trojans.
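
A check for the two things this article asks you to look at, the 16.80.0 version and the permission to read messages, as an added example that is not part of the original article. It parses text in the shape of `adb shell dumpsys package` output; the sample dump and its package name are constructed placeholders, and the two SMS permission names are the standard Android ones, not taken from the article.

```python
import re

# Version the article names as carrying the Triada trojan.
INFECTED_VERSION = "16.80.0"
# Standard Android permissions that let an app read or receive SMS messages.
SMS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

# Constructed sample shaped like `adb shell dumpsys package <package>` output.
# The package name is a placeholder, not taken from the article.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.fmwhatsapp] (1a2b3c4):
    versionCode=450815 minSdk=16 targetSdk=29
    versionName=16.80.0
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
"""

def audit_package(dumpsys_text):
    """Return the version, granted permissions and findings for one package dump."""
    m = re.search(r"^\s*versionName=(\S+)", dumpsys_text, re.MULTILINE)
    version = m.group(1) if m else None
    # Only permissions marked granted=true count; requested-but-denied ones do not.
    granted = set(re.findall(
        r"^\s*([\w.]+\.permission\.\w+): granted=true", dumpsys_text, re.MULTILINE))
    findings = []
    if version == INFECTED_VERSION:
        findings.append("version %s is the one reported as infected" % version)
    for perm in sorted(granted & SMS_PERMISSIONS):
        findings.append("%s is granted, so the app can see SMS confirmations" % perm)
    return {"version": version, "granted": granted, "findings": findings}

if __name__ == "__main__":
    report = audit_package(SAMPLE_DUMPSYS)
    print("version:", report["version"])
    for line in report["findings"]:
        print("WARNING:", line)
```

An empty findings list only means this one version and these two permissions were not seen; it does not show that a sideloaded mod is clean.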

