Malicious WhatsApp mod spotted infecting Android devices

An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been spotted infecting devices with the known Android Trojan Triada.

Distributed via advertisements on popular Android apps such as Snaptube and VidMate, YoWhatsApp v2.22.11.75 steals WhatsApp keys, allowing hackers to control user accounts.

According to a notice published by Kaspersky on Wednesday, the stolen keys are usually used in open-source utilities that enable the use of a WhatsApp account without the app.

Security experts have also noted that in other respects the infected version of YoWhatsApp is a fully functional messenger with some additional features. During installation, it asks for the same permissions as the original WhatsApp installer, such as access to text messages, which are then shared with the Triada Trojan.

“Cybercriminals are increasingly using the power of legitimate software to distribute malicious apps. This means that users who choose popular apps and official installation sources may still fall victim to them,” Kaspersky wrote.

In particular, malware like Triada can steal an instant messaging account and, for example, use it to send unsolicited messages. It can also easily set up paid subscriptions for the victim.

“Fake apps have been popping up on app stores for years, but it’s interesting to see a duplicate app attracting people with additional features that may persuade users to favor this one,” Jake Moore, Global Cybersecurity Advisor at ESET, told Infosecurity.

“However, using this unofficial app may harm users’ genuine accounts or even give access to their accounts to fraudsters.”

According to the executive, account takeover and loss of sensitive or personal data are significant security risks as they can lead to further targeted attacks.

“With this additional false authenticity, people are more easily socially enticed into handing over personal financial information or even launching sophisticated cyber attacks against businesses,” Moore added.

“It is highly recommended to avoid alternative apps like this, but young people who may be targeted by downloading these apps may not be aware of the dangers. Worse still, when they are unaware of the risks, awareness advice therefore needs to be carefully disseminated via peers and the platforms they frequent.”

The discovery of the malicious version of YoWhatsApp comes days after Zimperium discovered a family of Android spyware dubbed “RatMilad” trying to infect a corporate device in the Middle East.