Worried about the WhatsApp mod hacking your device? Here's how to fix it

Earlier this week, cybersecurity firm Kaspersky discovered a new piece of malware in a modified version of WhatsApp for Android. The embedded malware, a Trojan called Triada, can apparently download other Trojans and can launch ads, issue subscriptions and even intercept a user's text messages.

But, what really is a mod? Why on earth do people even use these mods instead of the original app? What does this mean for your data? Here's all you need to know.  

MOD - Mad over data breaches?  

For iOS users, the days of jailbreaking or rooting iPhones are long gone, given how difficult Apple has made it on its latest chips. Simply put, the pros (in this case, customisation) don't necessarily outweigh the cons (security risks) anymore. But, the Android world has always been different. It thrives on openness, personalisation and customisation. That's why Android users continue to 'root' their phones and also use 'modded APKs' or mods. In simple parlance, that's the term used for modified versions of official Android apps.

Also read: Microsoft warns thousands of cloud computing users of exposed databases

An Android app consists of a file that has an extension called '.APK'. A person who knows how to code can edit the elements of an APK file, unlock its features and then put it out for the world to download from the internet. This is how a whole host of people don't pay a single penny for an otherwise paid app and instead use its unlocked version or "mod" for free. Users also download mods for convenience and customisation, owing to the additional features offered by modified versions of the apps.  

What's the issue?

While it may sound all hunky dory at first, there is a massive security risk involved in using mods. The creators of these mods often embed advertisements in the code and use third party ad modules in the process. This is where the problem begins because malicious code can be carried on these third-party ad modules.  

That's precisely what happened in the case of the popular FMWhatsapp mod, according to a Kaspersky report. A recent version of FMWhatsapp contained a trojan, which collected user data, and in turn downloaded more trojans. Among other things, these trojans can automatically sign up for paid subscriptions, hack the user's original WhatsApp account and run invisible ads in the background.

Also read: Malicious software spreading through WhatsApp, warns Kaspersky

Should you even use third party mods?

Well, if you value your privacy and security, then the short answer is probably 'no'.  

These types of unofficial mods are not usually available on the official app stores of Google or Apple for good reason. They violate the terms and conditions set by these tech companies and hence, put you and your data at risk. That said, certain APKs from trusted sources, like the original app developer do exist. However, on installing these files, you will receive a prompt on your device informing you of the risks involved. It is best to tread with caution.

Igor Golovin, security expert at Kaspersky offers some simple advice. "With the FMWhatsapp app, it is hard for users to recognise the potential threat because the mod application actually does what is proposed - it adds additional features," he said. "However, we have observed how cybercriminals have started to spread malicious files through the adblocks in such apps. That is why we recommend you only use messenger software downloaded from official app stores. They may lack some additional functions, but they will not install a bunch of malware on your smartphone."

What if my device is infected?

First, let's diagnose the problem based on your symptoms. Rapid battery drain, unexpected pop-up ads, random subscription charges and an abnormal spike in data consumption could all mean that your smartphone has been compromised.  

If that's the case, let's hope you have backed up your data and are all set to reset your device. You can run an antivirus scan on your device and then focus on the suspicious app, but just deleting it might not be the panacea to your problem. On Android phones, malware often fiddles with your device administrator settings and gives itself illegal access. A system reset, and then a restore, might be your best bet.

It would also be wise to monitor all notifications from your bank/credit card company to ensure there is no suspicious activity taking place because of the malware.

Also read: Tech firms pledge billions to bolster cybersecurity defences, train skilled workers

Better safe than sorry

Ask anyone in the cybersecurity industry and they will swear by the maxim: "Prevention is better than cure." So, when it comes to mods and malware, here's how you can stay safe.

• Avoid downloading apps/mods from third-party sources
• If you want to be doubly sure, uncheck the "Install from Unknown Sources" option on Android  
• Do your research! Read all reviews before downloading apps (or doing anything whatsoever on the internet!)
• Install OS updates regularly to ensure vital security patches are in place
• Always check permissions before installing an app. Only grant access to what is necessary for the functioning of that app.

Also read: How to keep data safe from cyberattacks