A new version of an unofficial WhatsApp Android application named ‘YoWhatsApp’ has been found stealing access keys for users’ accounts.
YoWhatsApp is a fully working messenger app that uses the same permissions as the standard WhatsApp app and is promoted through advertisements on popular Android applications like Snaptube and Vidmate.
The app offers features that the regular WhatsApp lacks, such as the ability to customize the interface or block access to chats, which makes it enticing for users to install.
However, it has now been discovered that YoWhatsApp v2.22.11.75 snatches WhatsApp keys, enabling the threat actors to control users’ accounts.
The YoWhatsApp campaign was discovered by threat analysts at Kaspersky, who have been investigating cases of the Triada Trojan hiding inside modified WhatsApp builds since last year.
According to a report published yesterday, the modded app sends users’ WhatsApp access keys to the developer’s remote server.