Meta is suing three Asian developers suspected of orchestrating a mass fraud. According to the owner of WhatsApp, the companies would have tricked users into downloading fake versions of the messenger and stolen about a million accounts.
Accordingly with the complaintthe suspected companies would be distributing at least two malicious apps: one called “AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods” and another called “Theme Store for Zap”.
These rogue apps were distributed on the Google Play Store, third-party stores, and the companies’ own websites. The entire scheme, according to the lawsuit, would have started in May this year.
Once installed, the apps accessed the user’s account keys and authentication information, stealing their credentials and sending them to developers. Still based on the lawsuit, the companies would have used this improper access to send spam to all the victims’ contacts.
The giant isn’t just suing the three developers for misusing and infringing on WhatsApp’s trademarks, but also for violating their terms of the contract. That’s because, according to Meta, they would have created business accounts and Facebook pages.
Defendants agreed and were bound by the Meta Terms, Platform Terms and Developer Policies when they created various Facebook Pages and Apps. […] Defendants violated these agreements with Meta by taking the actions described.
WhatsApp and Meta complained that they spent significant “efforts and resources” to “investigate, resolve and mitigate” the issues set out in the complaint.
Referring to the trio of Chinese companies, a statement from the messaging giant said it hoped the legal action would “put developers like them on alert.”
Companies were already in the crosshairs of WhatsApp
In July of this year, Will CathcartWhatsApp’s chief executive, warned that using fake or modified versions of the messenger could involve the theft of personal information.
The executive explained that WhatsApp’s security research team had found malware hidden in WhatsApp-like apps available outside the Google Play Store from a developer called Hey Mods — one of the companies named in the proceedings.
“These apps promised new features, but they were just a scam to steal personal information stored on people’s phones. We shared what we found with Google and worked with them to fight malicious apps,” concluded Cathcarth.
With information: Bleeping Computer and Engadget