YoWhatsApp, an unofficial WhatsApp application for Android devices, has been stealing user account keys, Kaspersky reports.
The app lets users communicate with two WhatsApp numbers on a single device and offers features such as anonymous messaging, the ability to view people’s deleted messages, and password-protecting specific chats.
It also uses similar permissions to the official version of WhatsApp and is promoted in popular applications, including Snaptube and VidMate.
However, analysts at Kaspersky found that version V2.22.11.75 of the unofficial app can steal account keys, allowing malicious actors to take control of users’ accounts.
“We found a malicious module that we detect as Trojan.AndroidOS.Triada.eq,” Kaspersky said.
“The module decrypted and launched the Trojan.AndroidOS.Triada.ef main payload.”
The modified app then scrapes WhatsApp users’ access keys and sends them to the developer’s remote server.
According to Kaspersky, cybercriminals commonly use the stolen keys in open-source utilities that enable the use of a WhatsApp account without the actual client.
“If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account,” it added.
The permissions requested by YoWhatsApp are the same as those requested by the official app, including access to SMS. The trojan within the app gains these same permissions.
Kaspersky noted that the trojan could exploit the permissions to sign users up for premium subscriptions without their knowledge.
YoWhatsApp appears to be trying to spread the use of its app via ad campaigns on Snaptube and VidMate, popular video downloaders for Android devices.
Source: My Broadband