Researchers have discovered that many fake WhatsApp apps steal the legitimate access keys of a WhatsApp user.
With these keys, application authors can run all kinds of malicious campaigns, including one in which victims lose their hard-earned money.
Kaspersky cybersecurity researchers recently discovered two Messaging apps (Opens in a new tab) For Android, it is obviously targeting WhatsApp users. One is called YoWhatsApp and the other is called WhatsApp Plus. These two apps pretty much offer the same functionality as the actual WhatsApp app, and then some. According to the report, YoWhatsApp also appears to come with a customizable interface and individual chat room blocks.
Access keys stolen
However, what users don’t see is that these apps steal the legitimate access keys of WhatsApp and send them to the fake authors, allowing the attackers to gain access to the victims’ user accounts.
According to Kaspersky, the keys can be used in open source utilities and allow attackers to perform various actions without the user’s consent. Besides actions, attackers can also eavesdrop on conversations, identity theft (Opens in a new tab) dates and the like.
The researchers also said that attackers could use this access to have victims sign up for premium services, charge them in the process and monetize.
The apps were advertised via two legitimate Android apps, and Kaspersky suspects the developers didn’t know they were using to advertise malware. The authors have since been notified, and Kaspersky expects to close these distribution channels soon. However, users who have downloaded these apps will be at risk as long as the apps are installed on their endpoints.
Researchers suggest that popular Android apps have many fakes, and while not all of them are harmful, it is best to stay away from them. These types of apps are rarely found in the official Google app repository, Play Store, and can instead be downloaded as an .APK file, from external sources. That, alone, should be enough for a red flag, they say.
Across: Computer (Opens in a new tab)