A new and unofficial version of the WhatsApp Android app has been found stealing access keys that can allow threat actors to control users’ accounts.
Dubbed ‘YoWhatsApp’, this modded version of the popular instant messaging app was discovered by research analysts at Kaspersky.
The researchers found that the latest version of YoWhatsApp, v188.8.131.52, deployed an Android trojan that they dubbed Trojan.AndroidOS.Triada.eq.
This module decrypts and launches the main payload, Trojan.AndroidOS.Triada.ef. The modified app then scrapes users’ WhatsApp access keys and sends them to a remote server run by its developers.
According to Kaspersky, the stolen keys are typically used by cybercriminals in open-source utilities that allow the use of a WhatsApp account without the app.
This malicious app is a fully working messenger that uses the same permissions as the official version of WhatsApp, such as access to SMS, and is promoted via ad campaigns in popular legitimate Android apps like Snaptube and Vidmate.
It also offers features that the standard WhatsApp does not, such as custom backgrounds and fonts for chats, bulk messaging, or password-protected access to certain conversations, which encourages users to install the modded app.
YoWhatsApp spreads the notorious Triada mobile Trojan, which can download other Trojans, issue paid subscriptions, and even steal WhatsApp accounts. If the keys are stolen, the user of the malicious WhatsApp mod can lose control over their account.
“To use the WhatsApp mod, users need to log in to their account of the legitimate app. However, along with all the new features, users also receive the Triada Trojan. Having infected the victim, attackers download and run malicious payloads on their device, as well as get hold of the keys to their account on the official WhatsApp app,” reported Kaspersky.
Kaspersky says that more than 3,600 users have been targeted in the last two months. Although the Russian cybersecurity firm does not reveal whether the stolen access keys were used to carry out malicious activities, it warns that the threat actors could use them now that they have been stolen.
How To Stay Safe On WhatsApp
To stay safe on WhatsApp, users can keep the following points in mind:
- Avoid downloading unofficial WhatsApp mods to reduce the chances of installing malware on your device.
- Only install apps from official stores and reliable resources.
- Keep track of the permissions given to installed apps, as some of them can be very dangerous.
“Cybercriminals are increasingly using the power of legitimate software to distribute malicious apps. This means that users who choose popular apps and official installation sources may still fall victim to them,” concludes Kaspersky.