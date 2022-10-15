Cybersecurity expert Kaspersky has discovered WhatsApp knock-offs marred with malware that compromises users’ data and privacy. YoWhatsApp version 2.22.11.75 has been identified carrying a malicious module dubbed as Trojan.AndroidOS.Triada.eq. The module decrypts and launches the malware on users’ devices. The malicious module was found stealing various keys required for legitimate WhatsApp to work. For those unaware, keys of interest to the cybercriminals are typically used in open-source utilities that allow the use of a WhatsApp account without the app. If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account.
Another WhatsApp knockoff – YoWhatsApp is also spotted carrying the malicious mod. YoWhatsApp is a fully working messenger with some additional features, such as customizing interface or blocking access to individual chats. When installed, it asks for the same permissions as the original WhatsApp messenger, such as access to SMS. However, these same permissions are granted to the Triada Trojan and similar malware. These malwares can also add paid subscriptions without the user’s knowledge.
According to a check up done by Kaspersky, when a user clicks on WhatsApp ads in the official Snaptube app (MD5: C3B2982854814E537CD25D27E295CEFE), the user is prompted to install the malicious build.
Here’s how you can stay safe
It is advisable to install WhatsApp from official sources only – Google Play Store and App Store. In case you have downloaded one such fake app, make sure you remove it from your phone right away. Also, always check app permissions before downloading it on your smartphone.