An unofficial WhatsApp mod that goes by the name YoWhatsApp has been caught stealing accounts of Android users after gaining access to their login credentials.
It turns out that its latest version gains a new ability, which allows it to access the keys of WhatsApp users.
Unofficial WhatsApp Mod YoWhatsApp
According to a recent report by Bleeping Computer, the unofficial mod of the Meta-owned messaging service so-called "YoWhatsApp" is a messenger app.
It allows Android users to use the WhatsApp messaging service without having to install the official app. And as such, the unofficial mod also gains the same permissions that the original counterpart has.
However, unlike the official WhatsApp app, the Android mod entices users with additional functionalities, such as customization features.
It provides options that let users change the color of the icon, as well as the specific chats. And besides the color options, it also comes with various emojis.
Interestingly, the unofficial WhatsApp mod also claims to expand the limit of sending files up to 700 MB. On the other hand, the official app only allows users to send files taking up to 100 MB to their contacts.
Bleeping Computer notes in its report that the said mod is highly promoted through advertisements on other Android platforms, such as Vidmate and Snaptube.
All that said, some Android users have gone on to install it despite the risks that come with it.
Read Also : WhatsApp for iOS is Developing a Feature That Will Let You Choose Who Can See When You're Online
YoWhatsApp Reportedly Steals Android Users' Accounts
It turns out that the latest version of YoWhatsApp, v2.22.11.75, steals the login credentials of WhatsApp users on Android. In turn, Bleeping Computer reports that it could potentially allow hackers to take over the accounts of the users of the WhatsApp mod.
The Russian cybersecurity firm, Kaspersky, discovered that YoWhatsApp has been stealing the access keys of its users. The mod reportedly sends out the keys of WhatsApp accounts to a remote server of its developers.
The cybersecurity service says that "the malicious module stole various keys required for legitimate WhatsApp to work."
However, it should be noted that the Russian firm did not mention if the stolen keys of users have been used to take over their accounts. Yet, Kaspersky still warns the threat actors could actually do so, given that the access keys have now been stolen.
Although the unofficial mod of WhatsApp is not available on the Google Play Store. Kaspersky learned that YoWhatsApp persistently appears on the Snaptube app. And once an Android user taps on the ad, it lets them install it.
Related Article : WhatsApp iOS to Block Screenshots for 'View Once' According to Leaks-When Is it Coming?
This article is owned by Tech Times
Written by Teejay Boris