User’s personal data and accounts are being stolen by a fake version of WhatsApp. A report from cybersecurity company Kaspersky was shared with the public.

The unofficial version is called YoWhatsApp and it is a fully functioning messenger app that steals user account access codes. Other scam apps like Snaptube and Vidmate advertise the app through ads that use the same permissions as WhatsApp.

YoWhatsApp lets you use two mobile numbers for one account, enables anonymous messaging, views deleted messages, and protects chats with passwords, unlike the original WhatsApp.

READ MORE: A Pakistani woman ranks among Canada’s top 25 AI women

The latest version of YoWhatsApp (v2.22.11.75) lets attackers steal WhatsApp keys, letting them control your account. It is possible to connect and perform actions as the user without installing the actual WhatsApp client by using these stolen WhatsApp keys on the developer’s remote server.

Despite not being used in any attacks so far, these keys should still be taken seriously because they can result in account takeovers, data leaks, and even the impersonation of close contacts.

A backdoor in the app is left open by the Triada Trojan that is embedded in it. App permissions can be exploited so that you are signed up for paid subscriptions without your knowledge.

Another fake WhatsApp version is called “WhatsApp Plus”. Aside from account theft, it also has other malicious features.

Due to their lack of availability on the Google Play Store at the time of writing, neither app is likely to pose a threat to most users.


Please enter your comment!
Please enter your name here