YoWhatsApp, an unauthorized WhatsApp Android app, has a new version that has been discovered to steal account access keys from users.

YoWhatsApp is a fully functional chat app that uses the same permissions as the default WhatsApp app and is advertised via pop-up ads in popular Android apps like Snaptube and VidMate.

Users are drawn to the app because it offers more functionality than ordinary WhatsApp, such as the option to alter the user interface or restrict access to chats.

YoWhatsApp v2.22.11.75, however, has now been found to steal WhatsApp keys, giving threat actors access to user accounts.

Malicious modded WhatsApp

Threat specialists at Kaspersky, who have been looking into instances of the Triada Trojan hidden inside modified WhatsApp builds since last year, have found the YoWhatsApp campaign.

According to a report that was just released, the modified app transfers users’ WhatsApp access keys to the developer’s remote server.

WhatsApp keys targeted by the malicious app (Kaspersky)

According to Kaspersky, these keys can be used in open-source tools to establish connections and carry out actions as the user without a real client.

Although Kaspersky hasn’t said whether these stolen access credentials have been misused, they can result in an account takeover, the exposure of private contacts’ sensitive messages, and the impersonation of trusted individuals.

Just like the legitimate WhatsApp Android app, the malicious Android app asks for permissions including access to SMS, which are also granted to the Triada Trojan that is integrated into the app.

According to Kaspersky, the Trojan can take advantage of these permissions to sign up its victims for premium subscriptions without their knowledge, earning money for its distributors.

The campaigns

Ads for the modified YoWhatsApp can be found in Snaptube, a well-liked video downloader that has recently been the victim of deceptive advertising.

This distribution route should be shut down quickly, now that Snaptube has received a warning from Kaspersky about fraudsters pushing dangerous apps through its advertising platform.

Among the extras offered by the malicious app are a configurable user interface, unique chat room blocks, and other capabilities that the WhatsApp client does not offer but that many users would like to have.

Additionally, a YoWhatsApp clone, “WhatsApp Plus,” which propagated through the VidMate software without the creators’ knowledge, was discovered by Kaspersky to have the same dangerous behavior.

WhatsApp Plus app is the same as YoWhatsApp (Kaspersky)

This month, Meta filed a lawsuit against three Chinese businesses operating as HeyMods, Highlight Mobi, and HeyWhatsApp for creating “unofficial” WhatsApp applications that stole more than one million WhatsApp accounts.

Recommendation

Even though not all unauthorized WhatsApp mods are harmful, it is best to stay away from them entirely if you want to reduce the likelihood of malware getting installed on your device.

The apps that advertise the malicious WhatsApp versions can only be downloaded as APKs from sources other than the Google Play Store, which is itself a bad practice.

Triada can take advantage of people’s confidence in their close-knit social network by using these keys to send dangerous spam from a stolen account.

Therefore, be wary of direct messages from contacts encouraging you to click on odd links or advertising software. When you get texts like these, make sure to get in touch with your friends and relatives to ask them if they sent the SMS.
