Researchers discovered that this unofficial Android application steals the access keys for user accounts.
Inner deets on the app
Mod apps are mostly advertised as unofficial versions of legitimate apps, offering features that the official ones do not support. YoWhatsApp comes across as a working messenger that supports add-on features, such as customizing the interface or blocking access to individual chats. This WhatsApp version also asks for the same permissions as the original app, including access to SMS. Along with all of this, the user receives the Triada Trojan. Once it infects the victim's device, the attackers can download and run malicious payloads on the device, and they also get hold of the keys to the account on the official WhatsApp app.
The malware is able to steal accounts and take money from victims by signing them up for paid subscriptions. The mod delivers the Triada Trojan, which can drop malicious payloads, issue paid subscriptions, and steal WhatsApp accounts. Kaspersky reports that more than 3500 users have been targeted in the last couple of months.
The advert
This YoWhatsApp app was advertised in the official Snaptube app. Experts found that the malicious app had also been built into the Vidmate app, which is designed for saving and watching videos from YouTube. Earlier, in 2021, Kaspersky had spotted a modified version of WhatsApp for Android that also delivered the Triada Trojan.
An end note
To stay safe, researchers recommend installing applications only from the official store and reliable resources. Using a mobile antivirus on the smartphone is also useful. Kaspersky sent out a statement reading, “Cybercriminals are increasingly using the power of legitimate software to distribute malicious apps. The user’s money is also at risk, as the malware can easily set up paid subscriptions for the victim.”