A fraudulent version of WhatsApp is circulating, stealing accounts and personal information from thousands of users. Analysts at the cybersecurity firm Kaspersky Lab shared the report.
This unauthorized version is known as “YoWhatsApp,” a fully functional messaging program that steals user account access credentials. It has the same permissions as conventional WhatsApp and is promoted through advertisements on other scam applications like Snaptube and Vidmate.
However, unlike the original WhatsApp, YoWhatsApp allows you to link two cell phones to a single account and includes added capabilities such as anonymous texting, reading deleted messages, and password-protecting chats.
The current version of YoWhatsApp (v188.8.131.52) is collecting WhatsApp keys, allowing attackers to gain control of your account, according to Kaspersky experts. The developer’s remote server receives the stolen WhatsApp keys.
These keys can be used in open-source tools to connect to the server and conduct operations as the user without using the client.
Although it is unknown if these keys have been used in any attacks thus far, they are nonetheless causing concern because they can lead to account takeovers, data breaches, impersonation of close contacts, and other issues.
The Triada Trojan is implanted in the app, leaving an open backdoor for the software. It can use app permissions to sign you up for premium subscriptions without your awareness.
Other phony WhatsApp versions exist, one of which is known as “WhatsApp Plus.” It has the same nasty features for account theft and more.
Fortunately, none of these applications is accessible on the Google Play Store; thus, at the time of writing, they should not be able to damage most users.