This WhatsApp Android App Was Caught Stealing Log In Credentials From Users

A common assumption among app users is that if they stick to apps that are well known they would be less likely to suffer from a cyber attack with all things having been considered and taken into account. In spite of the fact that this is the case, not all famous apps are safe if you download unofficial versions of them because of the fact that this is the sort of thing that could potentially end up infecting your device with malware.

With all of that having been said and now out of the way, it is important to note that an unofficial app for WhatsApp on the Google Play Store was found to be stealing access keys from users. Log in credentials comprise the most sensitive bits of data that users can own, and losing them can result in malicious actors being able to access user accounts quite easily.

One might wonder why anyone would download this fake version of WhatsApp called YoWhatsApp, but it has features that the original version of WhatsApp does not offer that might make it more appealing than might have been the case otherwise. These features include customizable chat interfaces, and users who want them might be willing to take the risk.

This app is being promoted through a host of other Android apps including Vidmate and Snaptube. These apps are partly to blame for the spread of YoWhatsApp and all of the data theft that ensued due to its presence.

This modded version of WhatsApp is embedded with a notorious Trojan called Triada. It works by sending access keys used to log in to WhatsApp to the app developer, and they can then use it to secretly access user accounts. That can lead to various forms of data theft, especially considering that people often exchange highly confidential information through WhatsApp due to their assumption that it would be encrypted.

Users should know that only the original WhatsApp app is encrypted, and anything else would be too risky for them to use. This app is the latest threat to emerge on the Play Store.


H/T: Kaspersky

Read next: Password Thieves Are Detecting Body Heat to Track Keystrokes
Previous Post Next Post