WhatsApp is the most popular messaging app on the planet. We normally report on the feature updates that help keep it in that top spot, but today we have to report on a fake version of WhatsApp designed to trick users into downloading it so that it can steal their accounts. You need to avoid downloading YoWhatsApp.
Cybersecurity researchers at Kaspersky have uncovered a fake version of WhatsApp called YoWhatsApp. It is a fully functioning messaging app that offers pretty much the same functionality as the real WhatsApp, but it has been designed to steal users’ access keys, which can then be used for running malicious campaigns and even draining victims’ bank accounts.
Kaspersky describes these access keys as being:
“… typically used in open-source utilities that allow the use of a WhatsApp account without the app. If the keys are stolen, a user of a malicious WhatsApp mod can lose control over their account.”
As well as potentially giving malicious actors access to users’ accounts and exposing them to further scams, the app also allows malicious actors to listen in on users’ conversations, which opens up further possibilities for stealing sensitive security information.
This threat also means that even users who have not downloaded the fake app can be targeted. If anybody who has your contact details saved on their device is breached, you could receive fraudulent messages from scammers asking you to click dodgy links or download infected files. If you receive any suspect messages via WhatsApp or SMS, you should delete them and block the sender.
To help you spot these types of phishing scams, we have created an anti-phishing infographic.