Analysts of Kaspersky revealed this week that they had discovered that a WhatsApp modification was stealing access keys for user accounts. called YoWhatsAppthe app is only available for Android devices and is promoted through ads in other apps such as SnapTube and Vidmate.
In practice, this modification allows users to have two WhatsApp numbers on the same smartphone. In addition, it also offers extra features like seeing messages that have already been deleted and blocking specific conversations with passwords.
According to Kaspersky, YoWhatsApp issue is in version 220.127.116.11. According to company analysts, the app would be stealing WhatsApp keys, allowing malicious people to control user accounts.
Based on a report released this Wednesday (12)the WhatsApp modification sent these access keys to the developer’s remote servers.
Once users allowed access to contacts, cameras and the microphone, a trojan called Triada also obtained them.
Kaspersky explains that this malware has the power to abuse permissions to enroll users in signatures without them knowing, making criminals profit from the intrusion, and even attack the system more critically.
The report indicates that the app is improperly promoted by ads on Snaptube, a popular video downloading utility. Kaspersky says it has informed the company about malicious applications advertised on the platform.
A YoWhatsApp clone, called WhatsApp Plus, was also found. It works the same way and was advertised by the VidMate app without its developers being aware.
Developers suspected of stealing WhatsApp accounts
In the week. past, the technoblog reported that Meta is suing three Asian developers. They are suspected of tricking users into downloading fake versions of WhatsApp and stealing a million accounts.
The American company says that at least two malicious apps were distributed: one named “AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods” and another named “Theme Store for Zap”.
Once installed, apps would gain access to account keys and steal user credentials to send to developers. The purpose of this intrusion would be to send spam to all the victims’ contacts.
Companies, of course, were already in WhatsApp’s sights since last July. At the time, WhatsApp chief executive Will Cathcart made it clear that using fake or modified versions of the messenger it was harmful and could lead to a possible ban.
With information: Kaspersky and Bleeping Computer