Malicious WhatsApp mods on Android have been discovered using malware to take over users' accounts, allowing hackers to impersonate victims, send spam, and even set up paid subscriptions.
Spotted by cybersecurity experts Kaspersky, knock-off messaging apps of the popular messaging platform, including "YoWhatsApp" and "Whatsapp Plus," used malicious code in a new version of their dedicated apps in a known malware labeled Triada Trojan.
In YoWhatsApp version 2.22.11.75, a malicious module allows the app to steal keys for the legitimate WhatsApp, giving threat actors the ability to take over a user's account. As the report points out, these keys also allow the use of a WhatsApp account without actually having the app.
YoWhatsApp asks for the same permissions as WhatsApp, including access to SMS, meaning the same permissions are then granted to the Triada Trojan malware. The cybercriminals can then take control of the account, with the user losing access, to send messages impersonating the user, send malicious spam, and set up paid subscriptions — generating a profit without the user's knowledge.
The unofficial apps are spread ads in popular apps such as Snaptube and Vidmate. YoWhatsApp is known to be a fully functioning messenger app, but adds different features from the official WhatsApp app including a customizable interface and blocking access to individual chats. Not all WhatsApp mods are malicious, but the ones discovered now contain malicious code.
The cybersecurity site notified Snaptube about the malicious app being pushed on its ad platform, meaning its distribution should stop soon. There aren't any known victims the report specifies, but it's a good idea to stay away from these apps.
Kaspersky had previously investigated this malware last year in another modified WhatsApp build called "FMWhatsApp." Now, the code has been spotted in other Android apps.
Watch out for unofficial apps
There are a number of knock-off apps found on Android, offering different features from popular apps that may be of interest to many. However, these are at risk of being set up by hackers looking to steal private information. Earlier this year, we even spotted malware-infested Android apps stealing money.
Despite these apps being advertised on trusted platforms, this doesn't mean they can be trusted. Be aware of what apps you download on Android, and stick to the official apps to stay clear of any malware threat.
The best antivirus apps will help keep an array of threats at bay, including ransomware, spyware, and adware. Recently, we saw a new Android spyware that could record your camera for blackmail, so you'll also want to know whether its worth covering up your camera.
