An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed deploying an Android trojan known as Triada.
The goal of the malware is to steal the keys that “permit using a WhatsApp account without the app,” Kaspersky said in a new report. “If the keys are stolen, a person of a malicious WhatsApp mod can lose management over their account.”
YoWhatsApp offers users the ability to lock chats, send messages to unsaved numbers, and customize the app with a variety of theming options. It is also said to share overlaps with other modded WhatsApp clients such as FMWhatsApp and HeyMods.
The Russian cybersecurity company said it found the malicious functionality in YoWhatsApp version 2.22.11.75.
Typically spread through fraudulent ads on Snaptube and Vidmate, the app, upon installation, asks victims to grant it permission to access SMS messages, enabling the malware to enroll them in paid subscriptions without their knowledge.
A successful theft of the keys can lead to a complete compromise of the account, allowing the adversary to access chat messages and even impersonate the victim to send malspam and conduct financial fraud.
The development comes amid Meta Platforms filing a lawsuit against three developers in China and Taiwan for distributing unofficial WhatsApp apps, including HeyMods, that resulted in the compromise of over a million user accounts.
The findings also arrive a little over a year after threat actors were found delivering the Triada malware through FMWhatsApp.
“Cybercriminals are more and more utilizing the ability of respectable software program to distribute malicious apps,” the researchers pointed out. “Because of this customers who select popular apps and official installation sources, should still fall victim to them.”