YoWhatsApp, an unauthorized WhatsApp Android app, has a new version that has been discovered to steal account access keys from users.
YoWhatsApp is a fully functional chat app that uses the same permissions as the default WhatsApp app and is advertised via pop-up ads on well-liked Android programmes like Snaptube and Vidmate.
Users are drawn to use the programme because it offers more functionality than ordinary WhatsApp, such as the option to alter the user interface or restrict access to chats. YoWhatsApp v126.96.36.199, however, has now been found to steal WhatsApp keys, giving threat actors access to user accounts.
Threat specialists at Kaspersky, who have been looking into instances of the Triada Trojan hidden inside modified WhatsApp builds since last year, have found the YoWhatsApp campaign.
The modified programme transfers users’ WhatsApp access keys to the developer’s remote server, claims a report that was just released. According to Kaspersky, these keys can be used in open-source tools to establish connections and carry out actions in the role of the user without a real client.
Although Kaspersky hasn’t said whether these stolen access credentials have been misused, they can result in account takeover, the exposure of private contacts’ sensitive messages, and impersonation of trusted individuals.
The malicious Android app asks for rights including access to SMS, which is also granted to the Triada Trojan that is integrated in the programme, just like the legitimate WhatsApp Android app. According to Kaspersky, the virus can take advantage of these permissions to sign up its victims for premium subscriptions without their knowledge and earn money for its distributors.
Even if not all unauthorized WhatsApp mods are harmful, it would be good to stay away from them entirely if you want to reduce the likelihood of malware getting installed on your device. This is a bad practice because the apps that advertise the malicious WhatsApp versions can only be downloaded as APKs from sources other than the Google Play Store.
Triada can take advantage of people’s confidence in their close-knit social network by using these keys to send dangerous spam from a stolen account.
Therefore, be wary of direct messages from contacts encouraging you to click on odd links or advertising software. When you get texts like these, make sure to get in touch with your friends and relatives to ask them if they sent the SMS.