This WhatsApp Android knock-off is hijacking user accounts
Researchers have discovered that multiple WhatsApp knockoff applications steal the legitimate WhatsApp user access keys.
With these keys, the authors of the apps can run all sorts of malicious campaigns, including one where the victims lose their hard-earned money.
Kaspersky cybersecurity researchers recently discovered two messaging apps for Android, clearly aimed at WhatsApp users. One is called YoWhatsApp and the other WhatsApp Plus. Both apps offer pretty much the same functionality as the actual WhatsApp app, and then some. According to the report, YoWhatsApp also comes with a customizable interface and the ability to block individual chat rooms.
Stealing access keys
However, what users do not see is that these apps steal legitimate WhatsApp access keys and send them to the authors of the knock-off, allowing the attackers to gain access to the victims’ user accounts.
According to Kaspersky, the keys can be loaded into open-source tools that let attackers perform various actions in the account without the user’s consent. Beyond that, the attackers can also eavesdrop on conversations, steal identity data and the like.
The researchers also said the attackers could use this access to subscribe the victims to premium services, charge them fees and generate revenue.
The apps were advertised through a number of legitimate Android apps, and Kaspersky suspects that the developers were unaware that they were being used to promote malware. The authors have since been notified and Kaspersky expects these distribution channels to be closed soon. Still, users who have downloaded these apps are at risk as long as the apps are installed on their endpoints.
Such unofficial Android apps come with many drawbacks, and while not all of them are malicious, it’s best to just stay away from them, the researchers suggest. Apps of this kind are rarely found in Google’s official app repository, the Play Store, and are more likely to be downloaded as an .APK from third-party sources. That alone should be enough of a red flag, they say.
Via: BleepingComputer