One such example of this problem is YoWhatsApp. Security researchers found that a malicious version of the app is stealing user data. This data can then be used to hijack people’s WhatsApp accounts.
So why is YoWhatsApp a security risk and why should users avoid apps like it?
What Is YoWhatsApp?
YoWhatsApp is an unofficial WhatsApp application for Android. Like many unofficial apps, it’s popular because it offers additional functionality not found in the official version. YoWhatsApp allows you to customize the app’s appearance and use additional privacy options. YoWhatsApp is not available on the Play Store and is instead downloaded from other, less secure platforms.
Why Is YoWhatsApp a Security Risk?
Secure List reports that a modified version of YoWhatsApp is being used to spread malware. The compromised version is being advertised on Snaptube and has been modified to both steal user data and sign users up to paid subscription services.
The app itself is designed to steal WhatsApp user credentials. These can then be used to hijack people’s actual WhatsApp accounts. This is a problem not only for affected users but also their contacts. A compromised account can be used to contact people and request payment.
When somebody downloads the app, the Triada Trojan is also automatically installed on their phone. This Trojan is designed to sign up to paid subscription services which the cybercriminals get a cut of.
While the malicious YoWhatsApp shouldn’t be advertised, it’s a solid example of the wider problem: that cybercriminals create fake or duplicitous versions of popular apps.
Why Are Unofficial WhatsApp Apps a Security Risk?
In order to understand the threat posed by unofficial WhatsApp apps, it’s important to look at how the official version works.
WhatsApp uses the client-server model. This means that the user interacts with the client app and the client app communicates with the server using a special protocol. This protocol is publicly available and allows unofficial clients, such as YoWhatsApp, to be created which can then also communicate with the server.
The problem with unofficial clients is that when you use such an app, you are required to provide your WhatsApp login credentials.
When you log in to WhatsApp, you are only giving your login credentials to WhatsApp. When you use an unofficial version, you don’t really know who you are giving private data to. This makes such apps an ideal target for cybercriminals.
Unofficial apps are also popular with scammers because they are typically not published on the Play Store. Instead, they are downloaded from other platforms which do not perform sufficient security checks. This allows a cybercriminal to create a malicious version of an app, upload it, and after advertising it heavily, expect to receive enough downloads to be profitable.
It’s worth noting that the developer of YoWhatsApp is not believed to be involved with anything malicious. Instead, cybercriminals saw that the unofficial app has a large user base and then built a malicious version to take advantage of that audience.
What Are the Risks of Unofficial WhatsApp Apps?
If you use the latest version of YoWhatsApp, or a similar unofficial app, you first run the risk of account hijacking. What happens next depends largely on the intentions of the cybercriminal.
After a WhatsApp account is hijacked, the scammer gains complete control of the account. You won’t be able to log in and they can access your private information. This can be used for extortion purposes or to perform additional attacks against you.
They can also use your WhatsApp account to impersonate you. They might contact people you know and request payment. Or they can ask people to receive a verification code. Anyone who agrees to receive a verification code and then provides it to the perpetrator can then have their own account hijacked.
The Triada Trojan attached to YoWhatsApp also requests permission to send and receive SMS. This allows the developers to sign you up to expensive subscription services. Trojans are often packaged with malicious apps and the Triada Trojan is only one example.
How to Protect Against Unofficial WhatsApp Apps
Here’s how to protect yourself from apps like YoWhatsApp.
Only Download From Official Sources
Unofficial apps can be tempting if you want the added functionality offered. But to keep your phone and accounts secure, it’s important to only download apps from the Play Store. Installing APKs from anywhere else leaves you vulnerable to data theft and malware.
Limit Permissions of All Apps
While most apps on the Play Store are safe, some malicious apps do make it onto the platform. You can significantly reduce the potential damage of such apps by being very careful about what permissions you grant them. In the case of YoWhatsApp, the Triada Trojan is only able to sign up to subscription services if the user provides permission for it to access SMS.
Be Aware of Your Contacts Being Hijacked
When using apps such as WhatsApp, you should be aware of the possibility of your contacts being hijacked. There are many ways that this can happen. If anyone contacts you requesting money or any type of verification code, you should contact that person outside of the app before responding.
Don’t Use Unofficial WhatsApp Apps
Unofficial WhatsApp apps are popular because they offer additional functionality. Unfortunately, when you download such an app, you are forced to trust the app’s developer with your login credentials. Given the fact that such apps are found on unregulated platforms, this is rarely a good idea. Anyone who has used the malicious version of YoWhatsApp has had their credentials stolen.
If you value your WhatsApp account, you should only use the official client. It doesn’t have all the features that users obviously want, but you know exactly where your user credentials are going whenever you log in.
