According to the new report, YoWhatsApp is a fully-functional WhatsApp mod that unlocks new features to entice users. It offers features like a customizable interface and chat blocking, something the official WhatApp app for Android doesn’t boast. These added capabilities pull people towards it. The mod is distributed through ads on Snaptube, a widely used video downloader that has a history of malicious advertising. Once users click on the ad and install the app, it begins its malicious activities. For users, everything will seem normal. YoWhatsApp will ask for the same set of permissions as the official app, such as access to contacts, cameras, the microphone, and more, all of which are necessary for its proper functioning. But, the same permissions are unknowingly granted to the Triada trojan as well. The trojan can abuse the permissions to sneakily register users to paid subscriptions and earn off it. Worse yet, it can steal access keys which can lead to extensive damage if abused by attackers. Kaspersky didn’t state if it found any abuse of the stolen access keys yet. But, the report mentions that the keys can enable threat actors to take over the victim’s WhatsApp account (via). The attacker can then leak sensitive personal communications, impersonate the victim to perform other actions without their knowledge, or launch an even more devastating attack.
YoWhatsApp also has a clone
Kaspersky also found a clone of YoWhatsApp. Named WhatsApp Plus, the cloned app is available to download from VidMate, another popular video downloader for Android. Once installed, it can perform the same malicious activities without the victim’s knowledge. The report notes that VidMate’s internal app store is offering WhatsApp Plus, which tells about its poor security measures. The research firm has already notified Snaptube about trojan-laden YoWhatsApp on its platform. So the company will likely remove it soon. If you have it or WhatsApp Plus installed on your phone, uninstall it right away. WhatsApp is the world’s most popular messaging app with over two billion monthly users, and it’s advisable for everyone to always use the official app available from the Google Play Store or App Store. Moreover, you should also avoid using apps that show too many intrusive ads. You may accidentally click on an ad and that can lead to these kinds of malicious apps entering your phone. Another thing to note is that both Snaptube and VidMate are not available on the Play Store. Avoid using such apps too, as they aren’t evaluated by Google for the safety and security of your data.
