CYBER SECURITYNews

Users in Africa hit by new malicious WhatsApp mod


A new malicious version of a popular WhatsApp messenger mod dubbed YoWhatsApp is doing rounds targeting users in the META (Middle East, Turkey, Africa) region.

Popular for having features that the official app does not offer, this mod spreads the notorious Triada mobile Trojan, which can download other Trojans, issue paid subscriptions, and even steal WhatsApp accounts.

According to Kaspersky researchers, users around the world were affected by this threat in the last two months, and more than a quarter of them, 27% from the META region. Within the META region, 27% of users affected were from African countries.

This new malicious mod is advertised in the popular Snaptube app and is also distributed via Vidmate. This makes the mod look much less suspicious to potential targets and expands the possible number of victims.

WhatsApp is one of the most popular messengers, used by millions of users worldwide, but not all of them are satisfied with the features offered by the legitimate application. Thus, some users prefer to download WhatsApp mods that provide far more options, such as custom backgrounds and fonts for chats, bulk messaging, or password-protected login to certain conversations.

However, such mods are not always secure. Previously, Kaspersky had already discovered another modification of WhatsApp, which also spreads the dangerous Triada mobile Trojan. And now, researchers have witnessed that fraudsters continue to take advantage of the popularity of the globally recognised messenger by creating new malicious modifications, such as some versions of so-called YoWhatsApp.

To infect as many users as possible, cybercriminals have resorted to a new distribution scheme. They now advertise the malicious YoWhatsApp mod in the popular Android app Snaptube, which is used to download videos from YouTube, Facebook, and Instagram. Since YoWhatsApp is being advertised in the Snaptube app used by hundreds of thousands of users around the world, many of them are not even aware that this modification could be dangerous. Most likely, even Snaptube’s developers were not aware that the attackers have decided to take advantage of legitimate advertisement mechanism in their app.

YoWhatsApp is also being distributed via the Vidmate app. In addition to being used for downloading YouTube videos, this app contains an unofficial Android app store. Here, attackers published a malicious version of YoWhatsApp called “Whatsapp Plus”. Since Vidmate is not an official app store, the likelihood of malicious apps being distributed there increases several times over – and the appearance of Whatsapp plus, which infects users with the Triada Trojan, is an example of this.

To use the WhatsApp mod, users need to log in to their account of the legitimate app. However, along with all the new features, users also receive the Triada Trojan. Having infected the victim, attackers download and run malicious payloads on their device, as well as get hold of the keys to their account on the official WhatsApp app. Along with the permissions needed for WhatsApp to work properly, this gives them the ability to steal accounts and get money from victims by signing them up for paid subscriptions that they are not even aware of.

“Advertising in legitimate applications is a very cunning way for criminals to spread malicious applications, as many users believe that, if the application they are using is safe, then any advertising on it does not carry any risks either. However, as we can see, this is not always the case, so we recommend that users download applications only from official app stores. They will not always carry the same large number of custom features, but they will definitely be much safer for you, reducing the possibility of losing your account or reducing your money to a minimum,” says Anton Kivva, security researcher at Kaspersky.

To stay safe, Kaspersky recommends you only install applications from official stores and reliable resources. You should also remember to check which permissions you give installed applications – some of them can be very dangerous

Users have also been urged to install a reliable mobile antivirus on your smartphone. It will detect and prevent possible threats.

Follow us on TelegramTwitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to info@techtrendske.co.ke  

Facebook Comments

Nixon Kanali

Tech journalist based in Nairobi. I track and report on tech and African startups. Founder and Editor of TechTrends Media. Nixon is also the East African tech editor for Africa Business Communities. Send tips to nkanali@techtrendske.co.ke.

Have anything to add to this article? Leave us a comment below

Back to top button