Thursday, February 22, 2024

Fake WhatsApp steals accounts and personal data

Thousands of users have their accounts and personal data did steal by a fake WhatsApp knockoff. Kaspersky Labs, a cybersecurity firm, did release the research and makes it available to the public.

YoWhatsApp is a fake but fully functional fork of WhatsApp that can steal users’ login credentials (personal data). It’s did promote through adverts on other fake video-sharing apps like Snaptube and Vidmate and even uses the same permissions as the official WhatsApp.

YoWhatsApp, in contrast to the original version of WhatsApp, allows you to link two mobile numbers to a single account and includes additional capabilities including anonymous texting, examining deleted messages, and password-protecting chats.

Kaspersky researchers found that YoWhatsApp v2.22.11.75 steals WhatsApp keys, allowing attackers to take control of your account. The vulnerable WhatsApp keys are did send to the app’s developer’s server.

With these keys, open-source tools can connect and operate in place of the user without the need for the user to actually present.

Whether or not these keys are did use in attacks thus far is unknown. But the potential for account takeovers, data leaks, impersonation to close contacts, and other harms makes the situation extremely worrying.

Read more: Tesla will release its own smartphone: Tesla Model Pi

The Triada Trojan is built into the software, providing a backdoor into the app. It can take advantage of your app’s permissions to sign you up for premium services without your awareness.

Besides “WhatsApp Plus,” there are other phony versions of the popular messaging app. It includes the same malicious components used in previous iterations, including those used to steal user credentials.

Neither of these apps is currently did feature in the Google Play Store. Thus they should be safe from harm for the vast majority of users.

Leave a Reply

Inline Feedbacks
View all comments

Read more

Latest news
Would love your thoughts, please comment.x