YoWhatsApp, a mod for WhatsApp is actually a malware

Mod apps are promoted as unofficial updates to reputable programs that support extra functionality that the official version does not. YoWhatsApp is a fully functional messaging app that enables extra features like customizing the user interface and limiting access to specific messages.

The rogue version of WhatsApp requests the same privileges as the authentic messenger software, including access to SMS.

Users must sign in to their real WhatsApp account in order to use the mod. However, consumers also get the Triada Trojan in addition to all the new capabilities. Once the victim has been attacked, the hackers download and launch malware on their device and seize control of their account on the official WhatsApp app.

This allows them the capability to steal accounts and extort money from users by enrolling them in hidden paid subscriptions, in addition to the permissions required for WhatsApp to function properly. The official Snaptube app featured advertisements for the YoWhatsApp Android app.

The famous Vidmate mobile app, which is made to save and view YouTube videos, was also revealed by the experts to have a dangerous program. In contrast to Snaptube, the malicious build was published to Vidmate’s internal store.

YoWhatsApp v2.22.11.75, according to Kaspersky experts, steals WhatsApp keys, enabling threat actors to hijack user accounts.

Kaspersky discovered a new modified version of WhatsApp for Android in 2021 that offered greater capabilities but was also being used to spread the Triada Trojan.

FMWhatsapp 16.80.0 is the name of the updated version.

Additionally, the analysts found the advertisement for the SDK, which contained the downloader for the malicious payload.

The FMWhatsApp was created with the purpose of collecting distinct device identifiers (Device IDs, Subscriber IDs, MAC addresses), as well as the name of the app package where each device is installed.