Date: 2022-10-18

Beware of another growing threat on WhatsApp at the start of this week! Security firm Kaspersky has discovered a new malicious version of the YoWhatsApp mod app. Instead of bringing features to customize the messenger, the software spreads the Triad trojan to mobile devices. The malware has already claimed more than 3,600 victims worldwide in the last two months, and Brazil is the second most attacked country, with more than 400 infections in the same period.

The threat comes through a fraudulent version of a type of app that is popular on the web: WhatsApp mods. These apps let users change some features or add features that the original app does not have, such as custom backgrounds and fonts in chats and password-protected access to specific conversations.

Although the possibility of “tuning” WhatsApp is enticing for many users, it also represents a good opportunity for criminals. In the case of this YoWhatsApp version, the Triad trojan is downloaded along with the new features the moment the victim confirms their WhatsApp credentials.

When criminals run the malware on the device, they take control of the individual’s account on the official WhatsApp app, which gives them the ability to steal logins and take money from victims by signing them up for paid subscriptions that the users don’t even know exist.

The most curious thing about the new campaign is the way in which the threat is distributed: the criminals use a well-known Android app, Snaptube, which is used to download videos from YouTube, Facebook and Instagram. They exploit the app's popularity to advertise YoWhatsApp, which gives the false impression that it is an authentic, malware-free app.








YoWhatsApp is also being distributed through the Vidmate app, which, besides being used to download YouTube videos, has an unofficial Android app store. There, the attackers published a malicious version of YoWhatsApp called “Whatsapp Plus”.

“Advertising in legitimate apps is an extremely smart way for criminals to spread malicious apps, as many believe that if the app they are using is safe, the ads that appear there also pose no risk. But as we can see, this is not always the case. Therefore, we recommend that people download apps only from official stores. They won’t always have the same number of personalized features, but they will certainly be much safer for you, minimizing the possibility of losing your account or your money,” comments Fabio Assolini, director of Kaspersky’s Research and Analysis Team for Latin America.

How to protect yourself from new malware on WhatsApp

Kaspersky has some recommendations to help people protect themselves from the Triad trojan in this new campaign, which targets mod versions of WhatsApp:

Install apps only from official stores and trusted sources;

Remember to check the permissions you give to installed apps; some of them can be very dangerous! It is important to read what you are accepting;

Install a reliable mobile antivirus. It will be able to detect and avoid potential threats.

