Meta filed a lawsuit against Rockey Tech Hk Ltd, Beijing Luokai Technology Co. Ltd., and Chitchat Technology Ltd. They are the developers of HeyMods, Highlight Mobi, and HeyWhatsApp, as per Law Street Media.
According to BleepingComputer, one million WhatsApp accounts are stolen by these the app developers who developed and allegedly used unofficial WhatsApp Android apps. The stealing operation started in May 2022.
App Developers Steals One Million WhatsApp Accounts
Meta is suing the app developers, two Chinese and one Taiwanese, for orchestrating a massive fraud. The developers lured the WhatsApp users to self-compromise their accounts.
Users can download the malicious apps from the three companies' sites. Likewise, you can also access them from Google Play Store, APK Pure, APKSFree, iDescargar, and Malavida.
According to Law Street Media, the app developers violated the Meta's terms of service by "using victims' accounts to send commercial spam."
If users would be installing the apps, their WhatsApp accounts would be compromised as the apps is infected with malware to harvest sensitive information. The malware also hijack users' WhatsApp accounts in order to send spam messages.
According to Meta, unofficial versions of WhatsApp were developed and distributed by the app developers in May to July 2022. These malicious applications containing malware are available on heymods.com and the Google Play Store.
They apps were made with the aim of convincing victims download them, eventually causing the victims to self-compromise their WhatsApp accounts, Meta said.
"After victims installed the Malicious Applications, they were prompted to enter their WhatsApp user credentials and authenticate their WhatsApp access on the Malicious Applications," Meta's complaint stated.
Malicious applications are used by the app developers in order to facilitate the misappropriation of users' WhatsApp account keys. This is said to include authentication information from the victim's device.
The authentication information are then use to access the victim's WhatsApp account without authorization. Upon gaining control of a victim's account, spam messages are sent.
Read Also: How To Download the Newest WhatsApp in Your Windows Desktop
Meta is Taking Legal Actions Against the Developers of Fake Versions of WhatsApp
According to the complaint filed by Meta, the action of the app developers violates both Meta Platforms' and WhatsApp's terms of use.
The Google Play Store entry of the app, AppUpdater for WhatsPlus, stated that it was installed by more than one million Android users.
According to head of WhatsApp at Meta, Will Cathcart, a warning has been issued to users in July. Users are advised not to download modified versions of WhatsApp such as HeyMods,' Highlight Mobi, and HeyWhatsApp's apps.
"Recently our security team discovered hidden malware within apps - offered outside of Google Play - from a developer called "HeyMods" that included "Hey WhatsApp" and others," Cathcart said.
These apps lured users to the malicious apps by promising new features. However, the apps were actually designed to steal personal information stored on people's phones.
According to Cathcart, they have already coordinated with Google and they are planning to work with the tech giant to stop the activity.
Since Meta informed Google, previously downloaded malicious fake versions of WhatsApp on Android devices will be disabled once detected by Android's Google Play Protect.
Meta is already taking further legal actions to stop HeyMods and others from spreading malicious fake version of WhatsApp.
Related Article: WhatsApp Data Breach 2021 Could Expose 2 Billion Users: Update Now on Android, iOS to Fix Security Risk