Unofficial WhatsApp Android app found stealing user accounts

A new version of an unofficial WhatsApp Android app named “YoWhatsApp” has been found to be stealing access keys of users’ accounts.

YoWhatsApp is a fully functional messaging app that uses the same permissions as the standard WhatsApp app and is promoted through ads on popular Android apps like Snaptube and Vidmate.

The app includes additional features over regular WhatsApp, such as the ability to customize the interface or block access to chats, which makes it attractive for users to install.

However, it has been discovered that YoWhatsApp v2.22.11.75 hijacks WhatsApp keys, enabling threat actors to take control of users’ accounts.

WhatsApp malware mod

The YoWhatsApp campaign was discovered by threat analysts at Kaspersky, who have been investigating cases of the Triada Trojan hiding inside modified WhatsApp versions since last year.

According to a report published today, the modified app sends users’ WhatsApp access keys to the developer’s remote server.

WhatsApp keys targeted by the malicious app (Kaspersky)

Kaspersky says these keys can be used in open-source utilities to connect and perform actions as the user without the actual client.

While Kaspersky has not stated whether these stolen access keys have been misused, they can lead to account takeover, exposure of sensitive communications with private contacts, and impersonation of close contacts.

Like the real WhatsApp Android app, the malicious app asks for permissions, like SMS access, which are also granted to the Triada Trojan that is embedded in the app.

Kaspersky says that the Trojan can abuse these permissions to enroll victims into premium subscriptions without their realizing it and generate income for distributors.

Spread campaign

The modified YoWhatsApp is being promoted via ads in Snaptube, a very popular video downloader that has been plagued by false ads in the recent past.

Ad promoting the malicious YoWhatsApp version (Kaspersky)

Kaspersky has reported to Snaptube that cybercriminals are pushing malicious apps through its advertising platform, so this distribution channel should be closed soon.

The malicious app offers additional features, such as a customizable interface and the ability to block individual chat rooms, along with other things that are not available in the WhatsApp client but that many people would like to have.

Kaspersky also found a copy of YoWhatsApp called “WhatsApp Plus”, which features the same malicious functionality, spread via VidMate, likely without the knowledge of its authors.

WhatsApp Plus is the same as YoWhatsApp (Kaspersky)

This month, Meta has sued several Chinese companies doing business as HeyMods, Highlight Mobi and HeyWhatsApp for developing “unofficial” WhatsApp apps that stole more than a million WhatsApp accounts.

Stay safe on WhatsApp

Although not all unofficial WhatsApp mods are malicious, avoiding them completely would be wise if you want to reduce the chances of installing malware on your device.

In this case, apps that promote malicious WhatsApp versions can only be downloaded in the form of APK files outside the Google Play Store, which is also a practice to be avoided.

Triada can use these keys to send malicious spam from the stolen account, taking advantage of people’s trust in their small circle of friends and family.

Therefore, beware of direct messages from contacts that promote programs or ask you to click on unusual links. When you receive messages like this, be sure to reach out directly to your friends and family to ensure that they actually sent the text messages.

