- “YoWhatsApp” is a fake version of WhatsApp that steals access keys for user accounts.
- It uses the same permissions as the real WhatsApp and is advertised on other scam apps.
- Other fake versions can be found in the Google Play Store, but most users should be safe.
A fake version of WhatsApp is out there that steals user accounts and personal information from thousands of people. Analysts at the security company Kaspersky shared the report.
This unofficial version is called “YoWhatsApp,” and it is a fully functional messenger app that steals access keys for user accounts.
It even uses the same permissions as the real WhatsApp and is advertised on other scam apps like Snaptube and Vidmate.
But unlike the original version of WhatsApp, YoWhatsApp lets you link two phone numbers to one account and has extra features like anonymous messaging, viewing deleted messages, and password-protecting chats.
Kaspersky researchers found that YoWhatsApp v184.108.40.206 steals WhatsApp keys, allowing attackers to take control of your account. The stolen keys for WhatsApp are sent to the developer’s server, which is far away.
It’s not clear if these keys have been used in any attacks yet, but it’s still a worry because it could lead to account takeovers, data leaks, impersonation to close contacts, and more.
The Triada Trojan is built right within the app, providing a backdoor for malicious actors to access the app at will. It can use app permissions to sign you up without your knowledge for paid subscriptions.
There are also other fake versions of WhatsApp, such as “WhatsApp Plus.” It has the same bad features that can be used to steal accounts and more.
Neither of these apps, thankfully, can be found in the Google Play Store, meaning they should be safe from harm for the vast majority of users right now.