Be Aware. Fake WhatsApp Caught Stealing Users' Data

October 13, 2022 By Alberto Mesti

(Image Credit Google)

YoWhatsApp, an unauthorized WhatsApp Android app, has a new version that has been discovered to steal account access keys from users. YoWhatsApp is a fully functional chat app that uses the same permissions as the default WhatsApp app and is advertised via pop-up ads on well-liked Android programmes like Snaptube and Vidmate. Users are drawn to use the programme because it offers more functionality than ordinary WhatsApp, such as the option to alter the user interface or restrict access to chats. YoWhatsApp v2.22.11.75, however, has now been found to steal WhatsApp keys, giving threat actors access to user accounts.

Threat specialists at Kaspersky, who have been looking into instances of the Triada Trojan hidden inside modified WhatsApp builds since last year, have found the YoWhatsApp campaign. The modified programme transfers users' WhatsApp access keys to the developer's remote server, claims a report that was just released. According to Kaspersky, these keys can be used in open-source tools to establish connections and carry out actions in the role of the user without a real client. Although Kaspersky hasn't said whether these stolen access credentials have been misused, they can result in account takeover, the exposure of private contacts' sensitive messages, and impersonation of trusted individuals. The malicious Android app asks for rights including access to SMS, which is also granted to the Triada Trojan that is integrated in the programme, just like the legitimate WhatsApp Android app. According to Kaspersky, the virus can take advantage of these permissions to sign up its victims for premium subscriptions without their knowledge and earn money for its distributors. yowhatsapp

Even if not all unauthorized WhatsApp mods are harmful, it would be good to stay away from them entirely if you want to reduce the likelihood of malware getting installed on your device. This is a bad practice because the apps that advertise the malicious WhatsApp versions can only be downloaded as APKs from sources other than the Google Play Store. Triada can take advantage of people's confidence in their close-knit social network by using these keys to send dangerous spam from a stolen account. Therefore, be wary of direct messages from contacts encouraging you to click on odd links or advertising software. When you get texts like these, make sure to get in touch with your friends and relatives to ask them if they sent the SMS.

By Alberto Mesti

Introvert. Eccentric at times. A fashion enthusiast, designer and writer. Lives for the drama, hates being at the centre of it. Can be best described as \'wannabe modern day Lady Whistledown\'.

Be Aware. Fake WhatsApp Caught Stealing Users' Data

Walmart's GenAI Search Engine: Challenging Google's Dominance in Retail Search

Introducing the MSI Claw Handheld: Your Ultimate Gaming Companion

Uber Increases In-App Ads, Prompting Mixed Reactions from Customers

Apple's iOS 18: A Leap into the AI Era

Google's Regular Pixel 8 Won't Get Gemini Nano AI

MacBook Air M3 Makes Amends for M2's Storage Blunder

Samsung Unveils the Galaxy M15 5G

Elon Musk's xAI to Open-Source Chatbot Grok

Contra: Operation Galuga - A Modern Run-and-Gun Classic

Musk Confirms X's TV App Arrives This Week

Amazon's Conversational Genie to Answer Product Queries

Threads is working on an API for developers

Elon Musk's X Introduces 2 New Special Membership Plans

Amazon Clinic Expands to Treat Coughs, Colds, and Flu

Google is making password-killing technology available to all accounts

TikTok Executive Confirms Manual Promotion of Content on Platform