WhatsApp It is the most used messaging app in the world to communicate with others. This app is owned by Meta (Facebook), and it moves billions of messages of all kinds, both personal and work-related, every day. For this reason, this platform has become one of the most striking targets for hackers, carrying out all kinds of techniques to take control of user accounts. And, today, Kaspersky warns of a new app that has been masquerading as Kaspersky for some time in order to hack user accounts.
Fake apps, and clones, are always the order of the day on Android. This allows hackers to pose as developers and launch applications such as Google without raising alarm bells. YoWhatsApp.
YoWhatsApp promised to be an alternative client for WhatsApp, which allowed us to get more out of the messaging app with functions that are not included by default. This app also operated with the same permissions as the original WhatsApp, which, in theory, shouldn’t set off anyone’s alarms.
However, although they have been on the Google app store for a long time, and have even been promoted through supposedly legit advertising platforms, the hackers behind this app have made a mistake. And Kaspersky has realized this.
The app steals WhatsApp keys and allows you to take control
YoWhatsApp developers have taken advantage of the latest update of this unofficial WhatsApp client, 2.22.11.75, to hide malicious code inside. Thanks to it, when users log in with their WhatsApp account in this app, the code is responsible for stealing the account’s authentication and encryption keys and sending them to hackers.
With these keys, any user can take full control of any user’s account and use it both to read the messages that have been sent and to send their own messages to other users, even without leaving a trace.
This app has been promoted through very popular applications, such as Snaptube, a very complete tool for downloading all kinds of videos from the Internet. As soon as Kaspersky detected the threat, he notified the platform, which removed the ads for this app from its website. Of course, the security firm has found other alternative WhatsApp clients, such as whatsapp plus, which use the same technique both to advertise themselves (through advertisements on popular websites and platforms) and to steal the passwords of their victims’ WhatsApp clients. Therefore, it is difficult to know how far this campaign goes.
It is not the first time something like this happens. Last year, without going any further, Kaspersky also detected that a very famous WhatsApp mod, fmwhatsapp, it had been purposefully modified to hide the Triada Trojan inside. And, when a victim installed the app on his Android, he took complete control of it without raising the slightest suspicion.
Target against WhatsApp clients
Unofficial WhatsApp clients have been a problem for the company for a long time. But, luckily, Meta is beginning to put a solution in one way or another. Without going any further, this month it has begun to take legal action against other apps, such as HeyMods, Highlight Mobi and HeyWhatsApp, for going against their terms of use and service.
The only way to stay safe when using WhatsApp is to use the authentic app, also downloaded from the App Store or Play Store on iOS and Android respectively. Anything outside of it not only jeopardizes our privacy, but may also result in Meta preventing us from using their service any further.
