Be Careful! These Two WhatsApp Applications Can Curse User Data
JAKARTA - Cybercriminals are found targeting WhatsApp users, especially if they don't steal personal data and user money.
First reported by security company researcher Kaspersky, two WhatsApp clone apps were found stealing the access key to WhatsApp users for cybercrime.
With the key, the mock app maker can run all kinds of malicious campaigns, including a campaign where victims lose their money.
The two messaging apps were dubbed, Yo WhatsApp, and WhatsApp Plus. This app offers almost the same functionality as the original WhatsApp app. The research report said, Yo WhatsApp also seems to come with customizable interfaces.
The technique, this app steals a legitimate WhatsApp access key and sends it to the clone maker, gives them access to the victim's user account.
Kaspersky researchers say the key can be used in open source utilities and allows attackers to take various actions without the user's consent. In addition to actions, attackers can also eavesdrop on conversations, steal data identities, and the like.
Attackers can also use this access to subscribe to premium services, then charge victims of costs and generate revenue.
Worse the app was advertised through some legitimate Android apps, and researchers suspect developers don't know they're being used to advertise malware.
Furthermore, researchers hope that this distribution channel will be closed soon. However, users who download this app will be at risk as long as the app is installed on their device.
This type of application is rarely found in official application repositories such as the Google Play Store, and is better off downloading apps outside of official stores. This was quoted from TechRadar, Friday, October 14.