They discover a Trojan capable of stealing WhatsApp accounts and issuing paid subscriptions

A team of cybersecurity analysts has found a Trojan capable of issue paid subscriptions Y steal accounts from WhatsApp in a modified application of this messaging platform.

Kaspersky researchers have found references to a ‘malware‘ called Triad integrated into a ‘mod’ of the service developed by Meta, whose fraudulent version receives the name of YoWhatsApp.

A ‘mod’ is a transformed version of a program or an application that provides functions that official services do not offersuch as new settings, maps or characters in the case of video games.

In the case of WhatsApp, the ‘mods’ usually offer alternative options to the original applicationsuch as wallpapers, custom fonts for chats, and password-protected access to certain conversations, among other features.

According to the investigations of this cybersecurity company, more than 3,600 users would have been exposed to this cyber threat in the last two months by downloading YoWhatsApp, an app advertised on Snaptube and also distributed through Vidmate.

Kaspersky warns about this ‘mod’

Kaspersky believes that the success of this ‘mod’ is due precisely to the fact that both Applicationsused by thousands of people around the world, they announce it. However, he thinks that it is most likely that even his developers were not aware of this danger.

According to Kaspersky security analyst Anton Kivva, “the advertising in legitimate applications It is a very cunning way that they have the criminals of spreading malicious applications, since many believe that if the application they use is safe, the advertising that appears in it does not carry any risk either.

Upon installation of the tampered application, users are forced to log in to your real app account. By doing so, they receive the Triada Trojan on their devices, which downloads and executes malicious payloads on terminals.

They are also done with the credentials of the official WhatsApp application account and can access the Permissions section, where they have the possibility of steal accounts and make money at the expense of the victims by signing them up for paid subscriptions.

To neutralize these risks, the cybersecurity company recommends install only apps from official stores and trusted sourcescheck the permissions that are granted to these services and install an antivirus on the device.