WhatsApp is a popular messaging app, and so like any popular messenger, there are many unofficial versions that offer additional features. Although unofficial versions are often attractive, they also pose a significant security risk.
YoWhatsApp is an example of this problem. Security researchers have discovered that a malicious version of the app steals user data. This data can then be used to hijack people’s WhatsApp accounts.
So why is YoWhatsApp a security risk and why should users avoid apps like this?
What is YoWhatsApp?
YoWhatsApp is an unofficial WhatsApp application for Android. Like many unofficial apps, it is popular because it offers additional features not found in the official version. YoWhatsApp lets you customize the app’s appearance and use additional privacy options. YoWhatsApp is not available on the Play Store and is instead downloaded from other less secure platforms.
Why is YoWhatsApp a security risk?
Safe List reports that a modified version of YoWhatsApp is being used to spread malware. The compromised version is advertised on Snaptube and has been modified to both steal user data and sign users up for paid subscription services.
The app itself is designed to steal WhatsApp user credentials. These can then be used to hijack users’ real WhatsApp accounts. This is a problem not only for affected users, but also for their contacts. A compromised account can be used to contact people and request payment.
When someone downloads the app, the Triada Trojan is also automatically installed on their phone. This Trojan is designed to register for paid subscription services from which cyber criminals get a share.
While the malicious YoWhatsApp shouldn’t be advertised, it’s a solid example of the larger problem: cybercriminals creating fake or misleading versions of popular apps.
Why are unofficial WhatsApp apps a security risk?
In order to understand the threat posed by unofficial WhatsApp apps, it is important to look at how the official version works.
WhatsApp uses the client-server model. This means that the user interacts with the client application and the client application communicates with the server using a special protocol. This protocol is publicly available, which makes it possible to create unofficial clients, such as YoWhatsApp, that can also communicate with the server.
The problem with unofficial clients is that when you use such an app, you have to provide your WhatsApp login credentials.
When you log in to the official WhatsApp client, you give your login credentials only to WhatsApp. When you use an unofficial version, you don’t really know who you are giving private data to. This makes these applications an ideal target for cybercriminals.
Unofficial apps are also popular with scammers as they are usually not published on the Play Store. Instead, they are downloaded from other platforms that do not perform enough security checks. This allows a cybercriminal to create a malicious version of an app, upload it, and, after widely advertising it, expect to receive enough downloads to be profitable.
It should be noted that the developer of YoWhatsApp does not appear to be involved in anything malicious. Instead, cyber criminals saw that the unofficial app had a large user base and then created a malicious version to take advantage of this audience.
What are the risks of unofficial WhatsApp apps?
If you are using the latest version of YoWhatsApp, or a similar unofficial app, the first risk you run is having your account hacked. What happens next largely depends on the intentions of the cybercriminal.
After a WhatsApp account is hacked, the scammer takes full control of the account. You will not be able to log in and they will be able to access your private information. This can be used for extortion purposes or to perform additional attacks against you.
They can also use your WhatsApp account to impersonate you. They can contact people you know and ask for payment. Or they can ask people to receive a verification code. Anyone who agrees to receive a verification code and then provides it to the perpetrator can then have their own account hacked.
The Triada Trojan attached to YoWhatsApp also requests permission to send and receive SMS. This allows its developers to sign users up for expensive subscription services. Trojans are often bundled with malicious applications and the Triada Trojan is just one example.
How to Protect Against Unofficial WhatsApp Apps
Here’s how to protect yourself from apps like YoWhatsApp.
Download only from official sources
Unofficial apps can be tempting if you want the extra features offered. But to keep your phone and accounts safe, it’s important to only download apps from the Play Store. Installing APKs from anywhere else makes you vulnerable to data theft and malware.
Limit permissions for all apps
While most apps on the Play Store are safe, some malicious apps do make it onto the platform. You can greatly reduce the potential damage of these applications by being very careful about what permissions you grant them. In the case of YoWhatsApp, the Triada Trojan can only register for subscription services if the user authorizes it to access SMS.
Be aware of your contacts being hacked
When using apps like WhatsApp, you should be aware of the possibility of your contacts being hacked. This can happen in several ways. If someone contacts you asking for money or any type of verification code, you should contact that person outside of the app before responding.
Do not use unofficial WhatsApp apps
Unofficial WhatsApp apps are popular because they offer additional features. Unfortunately, when you download such an app, you are forced to trust the app developer with your login credentials. Since such apps are found on unregulated platforms, this is rarely a good idea. Anyone who used the malicious version of YoWhatsApp had their credentials stolen.
If you value your WhatsApp account, you should only use the official client. It doesn’t have all the features users obviously want, but you know exactly where your user credentials go every time you log in.