WhatsApp is a popular messenger app, and therefore, like any popular messenger, it has several unofficial versions that offer additional functionality. While unofficial versions are often tempting, they also pose a significant security risk.
An example of this problem is YoWhatsApp. Security researchers found that a malicious version of the app is stealing user data. This data can be used to hijack people’s WhatsApp accounts.
So why is YoWhatsApp a security risk and why should users avoid such apps?
What is YoWhatsApp?
YoWhatsApp is an unofficial WhatsApp application for Android. Like many unofficial apps, it is popular because it provides additional functionality not found in the official version. YoWhatsApp allows you to customize the look and feel of the app and access additional privacy options. YoWhatsApp is not available on the Play Store and is instead downloaded from other less secure platforms.
Why is YoWhatsApp a security risk?
Securelist reports that a modified version of YoWhatsApp is being used to spread malware. The tampered version is being advertised on Snaptube and has been modified to steal user data and make users sign up for paid subscription services.
The app itself has been designed to steal WhatsApp user credentials. These can then be used to hijack people's genuine WhatsApp accounts. This is a problem not only for the affected users but also for their contacts, because the hijacked account can be used to contact people and request payment.
When someone downloads the app, the Triada Trojan is also automatically installed on their phone. This Trojan is designed to get people to sign up for paid subscription services, of which cyber criminals get a cut.
While the malicious YoWhatsApp shouldn't be advertised, it is a concrete example of a wider problem: cyber criminals creating fake versions of popular apps.
Why are unofficial WhatsApp apps a security risk?
To understand the threat posed by unofficial WhatsApp apps, it’s important to look at how the official version works.
WhatsApp uses the client-server model. This means that the user interacts with the client app, and the client app communicates with the server using a particular protocol. This protocol is publicly available and allows the creation of unofficial clients, such as YoWhatsApp, which can also communicate with the server.
The problem with unofficial clients is that when you use such an app, you need to provide your WhatsApp login credentials.
When you log in to WhatsApp, you are only giving your login credentials to WhatsApp. When you use an unofficial version, you don’t really know who you’re giving private data to. This makes such apps an ideal target for cyber criminals.
Unofficial apps are also popular among scammers because they are usually not published on the Play Store. Instead, they are downloaded from other platforms that do not perform adequate security checks. This allows a cyber criminal to create a malicious version of an app, upload it and heavily advertise it, hoping to get enough downloads to be profitable.
It is worth noting that the developer of YoWhatsApp is not believed to be involved in anything malicious. Instead, cyber criminals noticed that unofficial apps have a large user base and then created a malicious version to take advantage of that audience.
What are the risks of unofficial WhatsApp apps?
If you use the latest version of YoWhatsApp, or a similar unofficial app, the first risk you run is account hijacking. What happens next largely depends on the intentions of the cyber criminal.
Once the WhatsApp account is hijacked, the scammer gains complete control over the account. You won’t be able to log in and they can access your personal information. This can be used for extortion purposes or to carry out additional attacks against you.
They can also use your WhatsApp account to impersonate you. They may contact people you know and request payment. Or they can ask people to get verification codes. Anyone who agrees to receive a verification code and then provides it to a criminal can then have their account hijacked.
The Triada Trojan attached to YoWhatsApp also requests permission to send and receive SMS. This allows the Trojan's developers to sign you up for expensive subscription services. Trojans are often packaged with malicious apps, and the Triada Trojan is just one example.