WhatsApp accounts targeted by malicious modded Android app

WhatsApp users' account access keys are being stolen by an updated version of the malicious modded WhatsApp Android application dubbed "YoWhatsApp," which has the same permissions but features interface customization and chat access blocking not available in the original app, reports BleepingComputer. Threat actors could leverage such WhatsApp access keys stolen by the modded YoWhatsApp app, which is being promoted through ads in video downloader Snaptube, in open-source utilities, and in conducting account takeover attacks, sensitive communications disclosure, and impersonation attacks, according to a report from Kaspersky. The malicious app contains the Triada Trojan, which exploits various permissions to facilitate unwarranted premium subscriptions for its victims. Similar malicious activity has been observed by researchers in the "WhatsApp Plus" app, which is being promoted via the VidMate app. The findings come after several Chinese companies have been sued by WhatsApp parent firm Meta for developing unofficial apps that have stolen more than 1 million accounts.