YoWhatsApp and WhatsApp Plus were caught stealing user data

And history repeats itself. Last year, the app YoWhatsApp was caught stealing user data by spreading a very dangerous trojan. And it seems that history repeats itself. According to Kaspersky, the app is once again spreading malware that steals users’ data and accounts. WhatsApp of users.

Apart from YoWhatsApp, the most famous modified version of Meta Messenger was also caught. Application “App Updater for WhatsPlus 2021 GB Yo FM HeyMods” stole more than a million accounts from users who believed they were downloading GBWhatsApp, an app that earlier this year was stopped from being distributed by a developer group called HeyMods. In fact, Meta has sued several Asian companies responsible for these applications.

YoWhatsApp steals users’ keys

According to the report released this Wednesday (12) by Kaspersky, YoWhatsApp version was being used by hackers who were stealing WhatsApp keys (credentials) from users. With this, anyone who possessed these keys could control user accounts. This data was being sent to the developer’s remote servers.

The Trojan used was the same as last year, called Triada. It can steal data and still access users’ cameras, microphone, contacts, and other apps.

Of course, these apps are banned in the Play Store, however, they were advertised in other popular apps, the most famous being Snaptube, an app to download videos from YouTube, which was even accused of stealing user data a couple of years ago.

Another famous version of WhatsApp, WhatsApp Plus, also had an infected version. In this case it was advertised in another application to download videos from Youtube, VidMate, in this case the developers of this application did not even know that they were spreading a virus.

What are WhatsApp Mods?

Mod, or modified apps, as the name suggests are apps that are modified by the developer to be better than normal WhatsApp.

They have been around for years and are very famous, especially in Brazil. The most famous of them is WhatsApp GB, which became famous for hiding users from being online, making it possible to use two WhatsApp accounts on the same account and much more.

However, the use of these applications is condemned by Meta, the company that owns Facebook. In addition, they present some risks to users, as we will see below:

1 – Apps like WhatsApp GB, YoWhatsApp may contain viruses

There is no guarantee that these developers will not place malicious code in these applications. This does not mean that everyone has a virus, in fact most do not.

However, since there is no centralized place to distribute them, such as the Google Play Store, anyone can download a modified app like WhatsApp GB, install a virus, and then make it available for download. from any website on the Internet.

This is so true, that it has recently been done precisely with FM WhatsApp.

Image: Pexels

In August 2021, researchers from Kaspersky found that a version of FMWhatsapp changed and earned a “little gift” called Triad. It was one trojan which was in the banner ad SDK that mod developers use to fund the project.

Researchers cautioned that it was not the original developer who deployed the malicious code. It was someone who changed the code and made the apk app available on a download page. After that, there was a ripple effect, where one site copied another’s link, quickly spreading the virus to thousands of people.

One of the malware was called xHelper what sand stands out for its amazing ability to re-infect Android devices hours after they have been removed or after infected devices have been reset to factory settings: it is almost impossible to get rid of.

2 – Facebook does not guarantee the security of your data

The original WhatsApp has a technology called End-to-end encryption. We won’t go into detail about how it works here, we have an article that explains it in more depth.

Basically, as soon as WhatsApp sends a message, it completely scrambles (encrypts) it in a way that is theoretically impossible for any software to decipher.

The moment the other person’s WhatsApp receives the message, the app decrypts it and then your contact will read it.

The problem is that Facebook doesn’t guarantee that modified apps will do this encryption. The developers of WhatsApp GB, WhatsApp Plus and others say yes, but do you believe them?

This means that if an app change has “removed” the encryption feature, the developer can intercept your message and gain access to your WhatsApp.

3 – Risk of expulsion

First of all, let’s make one thing clear: GB WhatsApp messages and any other MOD still go through Facebook servers. This means that Facebook knows exactly who uses these apps.

With this in mind, Facebook warns that those who use it can get their account banned, that is, dial your mobile number and not allow you to use WhatsApp.

This block can be temporary or permanent. And believe me, a few years ago millions of people using GBWhatsApp got their accounts blocked.

Most mods promise an “anti-ban” system, but again: does he believe it?

Facebook’s official statement

As we said above, Facebook knows that you use a modified WhatsApp and that they can ban you. How do we know this?

WhatsApp itself, on its official website, names the bulls and clearly states that WhatsApp GB and WhatsApp Plus users may be banned, see the image below:

The image shows that WhatsApp may ban WhatsApp GB users
Image: WhatsApp

With info: Bleeping Computer

Related posts

Leave a Comment