Unofficial clone of a well-known messenger stole login data

November 2, 2022

‘YoWhatsApp’ is a new clone of the popular instant messaging application ‘WhatsApp’ for Android. At first glance, the app does not differ much from the original. However, it offers features not found in the official version (such as interface personalization), which may encourage potential users to install it. Alongside these options, it also carries an unwanted function: it sends the user’s login data to the app’s developers.

The malicious functionality had been hidden in the app for more than a year and was discovered by Kaspersky’s security team, which investigated the Trojan (Triada) found in the app. According to the report, the app sent out the account’s credential keys, which can be used in other tools that do not require the official version of the application. What’s more, the permissions the user granted to the app (e.g. access to contacts, messages, etc.) were also available to the malware, which could result in the user being signed up for premium SMS services.

As is usually the case, the app was distributed through ads in other apps, which posed a considerable threat to unsuspecting users. In addition, a similar app, ‘WhatsApp Plus’, was found to be infected with the same malware.

Fortunately, neither app is available in the official Google store, but it is worth remembering not to install apps from unknown sources. This rarely ends well, as shown by a similar case in which a malicious version of the popular ‘Bolt’ app was made available to steal the logins and passwords to users’ bank accounts.



Unofficial WhatsApp Android app caught stealing users’ accounts

Published by: CERT EXATEL
