Instant messaging app WhatsApp faces controversy as a new and unofficial version of the android application has been found stealing users' accounts.
"YoWhatsApp," a messenger app with the same permissions as the standard WhatsApp, has been discovered accessing keys from the developer's remote server, Bleeping Computer says.
Malicious WhatsApp Copy Is Targeting User Accounts
Security researchers at WhatsApp detected a threat actor that has been distributing Trojan malware to steal mobile data through YoWhatsApp.
Researchers at Kaspersky observed that the unverified WhatsApp mod had been advertised as a legitimate mobile app, lending credibility to it.
The app also includes additional features that regular WhatsApp does not have, like the ability to customize the interface and block access to chats, making it more marketable.
Dark Reading writes that users who have been engaging with this spoofed version of WhatsApp are at risk of having malicious activities through their accounts.
Users who have contracted the malware are reportedly having their account details stolen, which signs them up for paid subscriptions that they might be unaware of.
Kaspersky believes that the access keys hacked from WhatsApp developers can be used to connect and perform actions in the app's open-source utilities.
The research group has warned developers and users that should the keys be abused, the hackers at YoWhatsApp can take over accounts and disclose sensitive information.
The malicious app request can also access SMS and impersonate contacts, Bleeping Computer writes.
Dark Reading also says that organizations that use WhatsApp in the workplace should be aware of the security risks this malicious software can bring to their businesses.
YoWhatsApp can be used to leak sensitive business information and spearhead phishing scams in the name of the organization.
Read More: Meta Has Sued Chinese Companies for Stealing One Million WhatsApp Accounts
Bosses At Meta Are Now Taking Action and Users Should Too
In the past few weeks, WhatsApp has been dealing with misleading copies of the app spreading online, tricking users into self-compromising their accounts.
Mark Zuckerberg and his tech company are already on the move to get to the bottom of three operations accused of hijacking people's accounts on WhatsApp.
The Irish Sun reports that Meta's team has recently discovered a number of malware circulating within their app, which can only be found through unauthorized app distributors.
Meta says that they are taking enforcement actions against these outside sources to avoid future harm and that they will be exploring legal actions to hold the hijackers accountable.
Through an agreement with Google, users are not allowed to access WhatsApp services through external extensions and alternative applications.
Now, developers warn users to take precautions when downloading from third-party sites to avoid the chances of getting malware.
Users are also advised to be vigilant of messages from contacts promoting software through unusual clickbait links.
Digital Information World reports that WhatsApp might have improved its privacy by integrating end-to-end messaging encryption, but they believe that users should do their part to stay safe.
They advise users to go dark online, which means that users should make themselves invisible when browsing the internet by going incognito and sharing less personal information.
Related Article: WhatsApp Is Working on Device Login Approval To Protect Accounts More Effectively