Weaponized Mod WhatsApp Version “YoWhatsApp” Attempt to Hack Android Devices

Cybersecurity researchers at Kaspersky Security Labs have recently identified an unofficial version of WhatsApp for Android, which is dubbed by experts “YoWhatsApp.”

This unofficial version of WhatsApp is mainly designed to steal users’ account access keys or login credentials. There are many unofficial versions of legitimate apps that are advertised as being unofficial versions. 

While these unofficial versions lure users by advertising features that the official versions do not have. Though YoWhatsApp is an unofficial version of WhatsApp, but, it’s a fully working messenger with some key additional features like we have mentioned below:- 

  • UI customization
  • Blocking access to individual chats
  • Several emojis

Unofficial WhatsApp: YoWhatsApp

There is no difference between YoWhatsApp and the standard WhatsApp application in terms of permissions. The promotion of this unofficial Android mod is done using ads on popular Android apps such as the following ones: 

  • Snaptube
  • Vidmate

In the latest version of YoWhatsApp, version 2.22.11.75, the threat actors were able to obtain the keys to the WhatsApp accounts of their victims and take full control.

It is claimed that YoWhatsApp will allow users to send files up to 700 MB using their service. While there is a limit of 100 MB per file that can be sent from the official app to your contacts, and this makes the YoWhatsApp more appealing.

In a modified version of WhatsApp, the app sends the user’s access keys to a server located remotely on the developer’s server.

With the use of these keys, open-source utilities may be able to connect and perform actions without requiring a client application to be installed.

Triada Trojan is delivered in this mod that can perform the following functions:-

  • Drop malicious payloads
  • Issue paid subscriptions
  • Steal WhatsApp accounts

Over the last two months, Kaspersky has reported that over 3,600 users have been targeted by cybercriminals. A YoWhatsApp clone called WhatsApp Plus has also been detected by Kaspersky as a threat.

The same malicious functionality is also included in this version of the program. It has been discovered that it uses the same VidMate app ad network to spread.

Recommendations

Here below we have mentioned all the recommendations:-

  • Make sure you only install applications from official stores and websites that you can trust.
  • Make sure that you check what permissions you have given to installed apps.
  • Ensure that your smartphone is protected by a reliable mobile antivirus application.
  • Avoid downloading or installing unofficial mods.

Also Read: Download Secure Web Filtering – Free E-book

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

3 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

4 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago