Modified WhatsApp app infects Android devices with malware


An unofficial version of the popular WhatsApp messaging app called YoWhatsApp was observed deploying an Android Trojan known as Triada.

The malware’s purpose is to steal keys that “enable use of a WhatsApp account without the app,” Kaspersky said in a new report. “If the keys are stolen, a user of a malicious WhatsApp mod can lose control of their account.”

cyber security

YoWhatsApp offers users the ability to lock chats, send messages to unsaved numbers, and customize the app with a variety of theme options. It is also said to share overlaps with other modded WhatsApp clients such as FMWhatsApp and HeyMods.

The Russian cybersecurity firm said it found the malicious feature in YoWhatsApp version

whatsapp mod

Typically spread through scam ads on Snaptube and Vidmate, the app, upon installation, asks victims to grant it permissions to access SMS messages, allowing the malware to sign them up for paid subscriptions without their knowledge.

A successful theft of keys can lead to total account compromise, allowing the adversary to access chat messages and even impersonate the victim to send spam and commit financial fraud.

cyber security

The development comes as Meta Platforms files a lawsuit against three developers in China and Taiwan for distributing unofficial WhatsApp apps, including HeyMods, which led to the compromise of more than one million user accounts.

The findings also come just over a year after threat actors were discovered spreading Triada malware via FMWhatsApp.

“Cybercriminals are increasingly using the power of legitimate software to distribute malicious applications,” the researchers pointed out. “This means that users who choose popular apps and official installation sources can still fall victim to it.”

Source link