Weaponized Mod WhatsApp Version “YoWhatsApp” Attempt to Hack Android Devices

Cybersecurity researchers at Kaspersky Security Labs have recently identified an unofficial version of WhatsApp for Android, which is dubbed by experts “YoWhatsApp.”

This unofficial version of WhatsApp is mainly designed to steal users’ account access keys or login credentials. There are many unofficial versions of legitimate apps that are advertised as being unofficial versions. 

While these unofficial versions lure users by advertising features that the official versions do not have. Though YoWhatsApp is an unofficial version of WhatsApp, but, it’s a fully working messenger with some key additional features like we have mentioned below:- 

  • UI customization
  • Blocking access to individual chats
  • Several emojis

Unofficial WhatsApp: YoWhatsApp

There is no difference between YoWhatsApp and the standard WhatsApp application in terms of permissions. The promotion of this unofficial Android mod is done using ads on popular Android apps such as the following ones: 

  • Snaptube
  • Vidmate

In the latest version of YoWhatsApp, version, the threat actors were able to obtain the keys to the WhatsApp accounts of their victims and take full control.

It is claimed that YoWhatsApp will allow users to send files up to 700 MB using their service. While there is a limit of 100 MB per file that can be sent from the official app to your contacts, and this makes the YoWhatsApp more appealing.

In a modified version of WhatsApp, the app sends the user’s access keys to a server located remotely on the developer’s server.

With the use of these keys, open-source utilities may be able to connect and perform actions without requiring a client application to be installed.

Triada Trojan is delivered in this mod that can perform the following functions:-

  • Drop malicious payloads
  • Issue paid subscriptions
  • Steal WhatsApp accounts

Over the last two months, Kaspersky has reported that over 3,600 users have been targeted by cybercriminals. A YoWhatsApp clone called WhatsApp Plus has also been detected by Kaspersky as a threat.

The same malicious functionality is also included in this version of the program. It has been discovered that it uses the same VidMate app ad network to spread.


Here below we have mentioned all the recommendations:-

  • Make sure you only install applications from official stores and websites that you can trust.
  • Make sure that you check what permissions you have given to installed apps.
  • Ensure that your smartphone is protected by a reliable mobile antivirus application.
  • Avoid downloading or installing unofficial mods.

Also Read: Download Secure Web Filtering – Free E-book


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Burp Suite 2023.6 Released – What’s New!

PortSwigger released a brand-new version of Burp Suite 2023.6 that is intended for both Professional…

16 hours ago

North Korean Hackers Mimic Journalists To Steal Credentials From Organizations

The North Korean APT group Kimsuky has been running a social engineering operation that targets experts…

1 day ago

Over 60,000 Android Apps Silently Install Malware on Devices

Recently, cybersecurity researchers uncovered that over 60,000 Android applications had been stealthily disguised as genuine…

1 day ago

Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update

Google has recently taken prompt security measures by releasing a security update for its Chrome…

2 days ago

MOVEit Hack – BBC, British Airways Employees Contact and Financial Data Exposed

A major MOVEit Hack has impacted many businesses, notably the BBC, British Airways, Boots, and…

2 days ago

10 Best Vulnerability Scanner Tools For Penetration Testing – 2023

A Vulnerability Scanner Tools is one of the essential tools in IT departments Since vulnerabilities…

2 days ago