YoWhatsApp, an unofficial WhatsApp client for Android smartphones, has been found stealing users' account access keys.
YoWhatsApp is a fully functional chat app that requests the same permissions as the standard WhatsApp app and is advertised via pop-up ads in popular Android apps such as Snaptube and VidMate.
With the app, users can operate two WhatsApp numbers on the same device and make use of features such as anonymous chatting, viewing people’s deleted messages, and password-protecting particular chats.
YoWhatsApp v2.22.11.75 was found to be stealing WhatsApp keys, allowing threat actors to take over user accounts, according to Kaspersky analysts.
The modified programme sends users’ WhatsApp access keys to the developer’s remote server, according to a Kaspersky report. The report said, “These keys can be utilised in open-source tools to connect and do operations in the user’s place without the actual client.”
Although Kaspersky hasn’t said whether these stolen access credentials have been misused, they can result in account takeover, the exposure of private contacts’ sensitive messages, and impersonation of trusted individuals.
Like the legitimate WhatsApp Android app, the malicious app requests permissions including access to SMS, and those permissions are also granted to the Triada Trojan embedded in the programme.
According to Kaspersky, the Trojan could use these permissions to sign users up for premium subscriptions without their knowledge.
Ads for the modified YoWhatsApp appear in Snaptube, a popular video downloader whose ad platform has recently been abused for deceptive advertising. Kaspersky has warned Snaptube that cybercriminals are distributing harmful programmes through its ad platform.
Kaspersky also found a YoWhatsApp clone named “WhatsApp Plus,” featuring the same malicious functionality, spread via the VidMate app, presumably without its authors knowing about it.