Recent reports reveal an unofficial WhatsApp app, ‘Yo WhatsApp’, that has been stealing access keys for users’ accounts. This malicious app has been promoted through ads in other Android applications such as Snaptube, which allows users to download YouTube videos.
Malicious Features Unseen in Official App
The fraudulent app, according to Kaspersky, has been found to be sending users’ WhatsApp access keys to the developer’s remote server. This could allow attackers to see conversations, steal data, and set up paid subscriptions without the user’s knowledge. It was also discovered that the app was providing features unseen in the official WhatsApp app, such as the ability to customise the user experience and individual chat room blocking.
Similar App ‘WhatsApp Plus’
Another similar app, called “WhatsApp Plus”, was also being spread through the Vidmate app. It had similar malicious features and issues. Vidmate did not respond to The Independent’s request for comment before the time of publication.
Kaspersky Investing in Malware Detection
Kaspersky suggests that the distribution channels will be closed soon and says it is likely the companies were unaware malware was being shared. The security company has been investigating the Triada malware in WhatsApp clones over the past year. The malware is especially difficult to detect due to its ability to modify a core process in the Android OS and substitute the phone’s system functions.