Android users who download Apps from the Google Play Store must be absolutely careful, as many of the Apps launched on its platform are operated by hackers from the dark web. Recently, an unauthorized App advertised as an WhatsApp Android, according to cyber analysts, has been tracked to a harmful malware that steals users’ accounts.
The Kaspersky analysts stated that they’ve discovered the YoWhatsApp application, which is an unauthorized Android App that was launched as a WhatsApp add-on. This newly uploaded App once downloaded targets and steals the access keys of WhatsApp accounts.
YoWhatsApp was documented to be a fully functional chat App, which mimics the original WhatsApp; what’s more, it even grants the same permissions.
The hackers behind the malicious App have been advertising it on Vidmate and Snaptube through targeted pop-up advertisements. Accordingly, the flashy Ads are able to entice unsuspecting victims to download the App, since its adverts states it boasts far more capabilities than regular WhatsApp.
Also, the default WhatsApp App functionality states other options like the restriction of access to chat messages, and the ability to alter the program’s user interface.
However, all those promised options are just a front as the YoWhatsApp v188.8.131.52, when analyzed, shows that it only allow hackers to access and stealing WhatsApp account keys.
Malicious WhatsApp Mods
Cyber specialists at Kaspersky detailed instances of the Triada Trojan hidden inside the modified WhatsApp. With the YoWhatsApp campaign, the modified program transfers users’ WhatsApp access keys to the remote server of the dark web hackers.
The malicious program targets WhatsApp keys, according to Kaspersky, who documented that the stolen keys can be utilized in open-source hacking tools. This then allows the threat actors to establish connections via the stolen account, and carry out dangerous actions, as the account owner without a real client.
Although Kaspersky hasn’t said whether these stolen access credentials have been misused, they can result in account takeover, the exposure of private contacts’ sensitive messages, and the impersonation of trusted individuals.
The rogue app asks for rights like accessing SMS just like the legitimate WhatsApp Android app. In addition, SMS access is permitted to the Triada Trojan, which is embedded in the malicious App.
According to Kaspersky, the virus can take advantage of these permissions to sign up its victims for premium subscriptions without their knowledge and earn money for its distributors.
WhatsApp users are warned to look out for enticing Ads for the modified YoWhatsApp on the Snaptube social platform. Meanwhile, this well-liked video downloader has also been a victim of deceptive advertising.
For now, the distribution route was shut down quickly after Snaptube received a warning from Kaspersky about criminal hackers pushing dangerous programs through its advertising platform.