Phoney WhatsApp messaging app steals access to user accounts

October 17, 2022

Recent cybersecurity research reveals that an unofficial WhatsApp messaging application called ‘YoWhatsApp’ has been stealing access keys for user accounts, posing massive security risks. The malicious app works the same way as any instant messaging app and requests the same access permissions as the official WhatsApp app.

However, YoWhatsApp has added features, such as interface customization and blocking chats, which experts believe are intended to entice users to install it. Because of that, several users have installed the phoney WhatsApp messaging app on their devices, which led to the discovery that it steals the official WhatsApp app’s access keys to access and control user accounts.

Researchers found the YoWhatsApp campaign during earlier investigations into the Triada Trojan hidden in modded WhatsApp messaging apps.

The Triada Trojan is a malware strain that hides inside modded versions of WhatsApp, such as YoWhatsApp. According to reports, once a user installs this app and enters their details, the trojan inside it sends the information to the malicious operators’ remote server.

Any malicious actor can use the stolen access keys to connect, control, and perform several actions without the involvement of the owner of those keys. So far, there are no reports that the stolen access keys have been misused for cyberattacks. However, experts are concerned that they will be used to hack users’ accounts or commit fraud, or that the data will be sold to other threat actors.

YoWhatsApp is usually promoted through advertisements on Snaptube, a widely used video downloader platform that has previously been bombarded with malvertisements.

Moreover, the researchers’ analysis of the YoWhatsApp app shows that it requests permissions similar to those of the real WhatsApp Android messaging app, including access to SMS and calls. If users grant these permissions, the Triada Trojan is also able to perform those activities.

One of the observed capabilities of the Triada Trojan is that it can register users for premium app subscriptions without their consent, which generates income for the app’s developers.

Experts advise people to avoid downloading unofficial WhatsApp mods to stay safe from the risks of those phoney apps. Furthermore, people must not click on links sent by unknown senders asking them to download software or mobile applications, since chances are high that those apps contain malware.

Ultimately, the best source for official and safe apps is the Google Play Store; thus, users must download apps only from trusted platforms and not from any third-party sources.
