YoWhatsApp! That’s the name of the WhatsApp clone that has been stealing access keys from user accounts. While it uses the same permissions as the official WhatsApp, it offers extra features such as customizing the interface or blocking access to selected chats.

Diving into details

  • The fully functional messaging app is delivered by Android apps such as Videomate and Snaptube. 
  • YoWhatsApp version 2.22.11.75 contains the malicious code, which Kaspersky identified as the Triada trojan.
  • The app sends the stolen WhatsApp access keys to the developer’s remote server; the keys can then be leveraged to perform actions as the user.
  • Researchers spotted another YoWhatsApp clone, dubbed WhatsApp Plus, which is being disseminated via Vidmate.

Other recent threats involving WhatsApp

  • GB WhatsApp, a cloned, unofficial third-party WhatsApp, was found spying on Indian users. Because the app is not available on the Google Play Store, multiple versions of the app were found delivering malware.
  • Meta sued multiple Chinese companies, including HeyWhatsApp, HeyMods, and Highlight Mobi. Starting in May, they pilfered over a million WhatsApp accounts.
  • North Korea-linked Zinc was found targeting individuals on LinkedIn by posing as recruiters in defense, media, and technology firms. The attackers subsequently attempted to coax the victims into moving from LinkedIn to WhatsApp for malware delivery.

The bottom line

Threat actors abusing legitimate applications to further their malicious intent is nothing new. It is recommended not to download any unofficial WhatsApp mods, to reduce the chances of inviting malware onto smartphones.
Cyware Publisher