A modified version of WhatsApp for Android called YoWhatsApp was found stealing users’ access keys. Kaspersky security researchers found that YoWhatsApp contains the “Triada” trojan that can steal user account access keys and send them to the developer’s remote server.
Last year, the same trojan was found on FMWhatsApp, another WhatsApp mod with similar shady practices.
According to the new report, YoWhatsApp is a fully functional WhatsApp mod that unlocks new features to attract users. It offers features like a customizable interface and chat blocking, something that the official WhatApp app for Android doesn’t have. These additional features entice people to at least try out the new app.
The mod is distributed via advertisements on Snaptube, a widely used video downloader that has a history of malicious advertising. Once users click on the ad and install the app, it starts its hidden activities.
For users, everything will look normal. YoWhatsApp will ask for the same set of permissions as the official app, such as access to contacts, cameras and microphone, all of which are necessary for its proper functioning. However, the same permissions are also inadvertently granted to the Triada trojan. The trojan can abuse the permissions to surreptitiously register users in paid subscriptions and make someone profit from it. Worse still, it can steal access keys that can lead to great damage if abused by attackers.
Kaspersky has not yet reported whether it found any abuse of the stolen access keys. But, the report mentions that the keys can allow hackers to take over the victim’s WhatsApp account. The attacker could leak sensitive personal communications, impersonate the victim to perform other actions without their knowledge, or launch an even more dangerous attack.
YoWhatsApp also has a clone
Kaspersky also found a YoWhatsApp clone. Called WhatsApp Plus. The cloned app is available for download from VidMate, another popular video downloader for Android. Once installed, it can carry out the same malicious activities without the victim’s knowledge. The report notes that VidMate’s in-house app store is offering WhatsApp Plus, which talks about its poor security measures.
The research firm has already notified Snaptube about YoWhatsApp loaded with trojans on its platform. So the company will likely remove it soon. If you have it or WhatsApp Plus installed on your phone, please uninstall it immediately. WhatsApp is the most popular messaging app in the world with over two billion monthly users, and everyone is advised to always use the official app available on Google Play Store or App Store.
Furthermore, you should also avoid using apps that display lots of intrusive ads. You might accidentally click on an ad and it can cause these types of malicious apps to get into your phone. Another thing to note is that Snaptube and VidMate are not available on the Play Store. Avoid using these apps too as they are not rated by Google for the security of your data.
Have you watched the new videos on YouTube of the Digital Look? Subscribe to the channel!