Weaponized Mod WhatsApp Version “YoWhatsApp” Attempt to Hack Android Devices

Cybersecurity researchers at Kaspersky Security Labs have recently identified an unofficial version of WhatsApp for Android, which is dubbed by experts “YoWhatsApp.”

This unofficial version of WhatsApp is mainly designed to steal users’ account access keys or login credentials. There are many unofficial versions of legitimate apps that are advertised as being unofficial versions. 

While these unofficial versions lure users by advertising features that the official versions do not have. Though YoWhatsApp is an unofficial version of WhatsApp, but, it’s a fully working messenger with some key additional features like we have mentioned below:- 

• UI customization
• Blocking access to individual chats
• Several emojis

Unofficial WhatsApp: YoWhatsApp

There is no difference between YoWhatsApp and the standard WhatsApp application in terms of permissions. The promotion of this unofficial Android mod is done using ads on popular Android apps such as the following ones: 

• Snaptube
• Vidmate

In the latest version of YoWhatsApp, version 2.22.11.75, the threat actors were able to obtain the keys to the WhatsApp accounts of their victims and take full control.

It is claimed that YoWhatsApp will allow users to send files up to 700 MB using their service. While there is a limit of 100 MB per file that can be sent from the official app to your contacts, and this makes the YoWhatsApp more appealing.

In a modified version of WhatsApp, the app sends the user’s access keys to a server located remotely on the developer’s server.

With the use of these keys, open-source utilities may be able to connect and perform actions without requiring a client application to be installed.

Triada Trojan is delivered in this mod that can perform the following functions:-

• Drop malicious payloads
• Issue paid subscriptions
• Steal WhatsApp accounts

Over the last two months, Kaspersky has reported that over 3,600 users have been targeted by cybercriminals. A YoWhatsApp clone called WhatsApp Plus has also been detected by Kaspersky as a threat.

The same malicious functionality is also included in this version of the program. It has been discovered that it uses the same VidMate app ad network to spread.

Recommendations

Here below we have mentioned all the recommendations:-

• Make sure you only install applications from official stores and websites that you can trust.
• Make sure that you check what permissions you have given to installed apps.
• Ensure that your smartphone is protected by a reliable mobile antivirus application.
• Avoid downloading or installing unofficial mods.

Also Read: Download Secure Web Filtering – Free E-book