Report: A New Malicious WhatsApp Mod Is Targeting African Users
Kaspersky researchers have found a new malicious variant of the popular YoWhatsApp mod for the WhatsApp messenger.
This mod spreads the infamous Triada mobile Trojan, which can download other Trojans, sign victims up for paid subscriptions, and even steal WhatsApp accounts.
YoWhatsApp is well known for offering functionality that the official app does not provide. In the past two months, users from all over the world were impacted by this threat, with 27% of them being from the META (Middle East, Turkey, Africa) region. 27% of the META users who were impacted were from African nations.
The new malicious mod is promoted through the popular Snaptube app and is also distributed through Vidmate. This increases the number of prospective victims and makes the mod appear far less suspicious to potential targets.
Millions of people use WhatsApp, one of the most widely used messaging apps, but not all of them are happy with the capabilities the official version of the app offers. As a result, some users prefer to download WhatsApp mods that offer many more options, like custom chat backgrounds and fonts, bulk messaging, or password-protected access to certain conversations.
These mods aren’t always safe, though. Kaspersky had previously identified another WhatsApp mod that distributes the Triada mobile Trojan. Researchers have observed that scammers are still exploiting the messenger’s popularity by developing new malicious mods, such as some variants of so-called YoWhatsApp.
Cybercriminals have turned to a new method of distribution to infect as many users as they can. They now promote the malicious YoWhatsApp mod in the well-known Android app Snaptube, which is used to download videos from Facebook, Instagram, and YouTube. Because YoWhatsApp is being promoted through Snaptube, which is used by hundreds of thousands of users worldwide, many people are unaware that the mod could be dangerous. Most likely, not even Snaptube’s developers were aware that the attackers had chosen to abuse a legitimate ad system within their app.
The Vidmate app also serves as a distribution channel for YoWhatsApp. In addition to allowing users to download YouTube content, this app features an unofficial Android app store.
Here, hackers released “Whatsapp Plus,” a malicious variant of the popular YoWhatsApp mod. Because Vidmate is an unofficial app store, the risk of harmful apps being released there increases significantly. The debut of Whatsapp +, which infects users with the Triada Trojan, is one such example.
To use the modified version, users must sign in to their accounts on the original WhatsApp. However, along with all the new capabilities, they also get the Triada Trojan. Once the victim’s device is infected, the attackers download and launch malicious payloads on it and seize control of the victim’s WhatsApp account.
Together with the permissions WhatsApp needs to function properly, this gives them the ability to steal accounts and extort money from victims by enrolling them in hidden paid subscriptions.
Because many users think that if a program is safe, then any advertising on it is also risk-free, advertising in legitimate programs is a particularly clever technique for thieves to disseminate harmful software. We can see that this is not always the case; thus, we advise customers to only download apps from legitimate app shops. Although they might not always include a sizable number of unique features, they will undoubtedly be considerably safer for you, lowering the likelihood that your account will be lost or you will lose a significant amount of money, according to Anton Kivva, a security researcher at Kaspersky.
Kaspersky solutions detected the malicious implant as Trojan.AndroidOS.Triada.eq and Trojan-Dropper.AndroidOS.Triada.bd.
To stay safe, Kaspersky recommends:
- Only installing applications from official stores and reliable resources
- Remembering to check which permissions you give installed applications – some of them can be very dangerous
- Installing a reliable mobile antivirus on your smartphone. It will detect and prevent possible threats.