WhatsApp is one of the applications that attracts the most interest from cybercriminal groups. Recently, a team of cybersecurity analysts discovered a new Trojan capable of signing users up for paid subscriptions and stealing WhatsApp accounts, hidden in a modified version of this messaging platform. That is, in a tool that poses as the ‘app’ owned by Zuckerberg.
The malicious code, called Triada, was discovered by a group of experts from Kaspersky in a malicious ‘app’ called YoWhatsApp. This modification of Meta's app offers users features that are not present in the official version of WhatsApp, such as new settings (or, in the case of video games, maps or characters).
This is not unusual. Indeed, ‘mods’ of the messaging application usually offer options that the original application lacks, such as wallpapers, custom fonts for chats, and password-protected access to certain conversations, among other features.
It should be remembered that WhatsApp prohibits users from downloading any tool that modifies the functioning of the original application, in part because of the dangers it poses to the user's security.
This is how the code works
According to Kaspersky research, more than 3,600 users have been exposed to this threat in the last two months by downloading YoWhatsApp, an application posted on Snaptube (an Android ‘app’ for downloading videos and audio) and also distributed through Vidmate (a tool with functionality similar to the previous one).
The company believes that the success of the ‘mod’ is due precisely to the fact that both applications, used by thousands of people around the world, advertise it. However, it thinks that most likely even their developers were not aware of this danger.
“Advertising on legitimate apps is a very cunning way for criminals to spread malicious apps, as many believe that if the app they use is safe, advertising on it also carries no risk,” says Anton Kivva, security analyst at Kaspersky.
Upon installation of the tampered app, users are forced to log in to their official WhatsApp account. By doing so, they receive the Triada Trojan on their devices, which downloads and executes malicious payloads on the device.
The attackers also obtain the credentials of the official WhatsApp account and can access the ‘Permissions’ section, which gives them the possibility of stealing accounts and making money at the victims' expense by signing them up for paid subscriptions. To avoid such risks, Kaspersky, like all cybersecurity companies, recommends installing only apps from official stores and trusted sources, checking the permissions that are granted to these services, and installing an antivirus on the device.