Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024
  • Security & Privacy News

    Fake WhatsApp software can access users’ messages, send spam and steal money

    aum

    By aum,
    Published Date:

    • 201 views
    • 2 minutes
     Share
    • 201 views
    • 2 minutes

    An unofficial WhatsApp app has been stealing access keys for users’ accounts.

     

    The app, called ‘Yo WhatsApp’, was promoted through ads in other Android applications such as Snaptube, which allows users to download YouTube videos – promoting itself with features Meta’s own client does not such as the ability to customise the user experience or individual chat room blocking.

     

    The fraudulent app was discovered by Kaspersky, who found that the app sent users’ WhatsApp access keys to the developer’s remote server.

    This could allow attackers to see conversations and steal data that could be used for phishing or other cyberattacks. Moreover, the attackers could use this access to “add paid subscriptions without the user’s knowledge”.

     

    A clone of that app, called “WhatsApp Plus”, also spread through the Vidmate app, with similar features and issues. Vidmate also lets users download YouTube, Instagram, Facebook, and TikTok videos.

     

    Vidmate and Snaptube did not respond to The Independent’s request for comment before time of publication.

     

    Kaspersky suggests that the distribution channels will be closed soon, and says it is likely the companies were unaware malware was being shared.

     

    “Cybercriminals are increasingly using the power of legitimate software to distribute malicious apps. This means that users who choose popular apps and official installation sources, may still fall victim to them”, the Kaspersky researchers wrote.

     

    “In particular, malware like Triada can steal an IM account, and for example, use it to send unsolicited messages, including malicious spam. The user’s money is also at risk, as the malware can easily set up paid subscriptions for the victim.”

     

    Kaspersky has been investigating the Trida malware in WhatsApp clones over the past year and is especially difficult to detect for two reasons: firstly, the malware modifies a core process in the Android OS that is used as a template for every application, called Zygote. When the Trojan gets into Zygote, it becomes a part of every app that is launched on the device.

     

    Secondly, the app substitutes the phone’s system functions, concealing its modules from the list of the running processes and installed apps – which stops its processes being detected and thereby stays unknown.

     

    Source

    • Karlston, DKT27 and alf9872000
    • Like 3
     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...