Security News > 2022 > October > Unofficial WhatsApp Android app caught stealing users’ accounts
A new version of an unofficial WhatsApp Android application named 'YoWhatsApp' has been found stealing access keys for users' accounts.
YoWhatsApp is a fully working messenger app that uses the same permissions as the standard WhatsApp app and is promoted through advertisements on popular Android applications like Snaptube and Vidmate.
According to a report published today, the modded app sends users' WhatsApp access keys to the developer's remote server.
Like the real WhatsApp Android app, the malicious app requests permissions, like accessing SMS, which is also granted to the Triada Trojan that's embedded in the app.
The malicious app offers additional features like a customizable interface, individual chat room blocks, and other stuff not available on the WhatsApp client but many people would like to have.
This month, Meta sued several Chinese companies doing business as HeyMods, Highlight Mobi, and HeyWhatsApp for developing "Unofficial" WhatsApp apps that stole over one million WhatsApp accounts.