Oct. 14 (Portaltic/EP) –
A team of cybersecurity analysts has found a Trojan capable of issuing paid subscriptions and stealing accounts from WhatsApp in a modified application of this messaging platform.
Kaspersky researchers have found references to a ‘malware’ called Triada embedded in a ‘mod’ of the messaging service developed by Meta, whose fraudulent version is called YoWhatsApp.
A ‘mod’ is a modified version of a program or an application that provides functions that the official services do not offer, such as new settingsmaps or characters in the case of video games.
In the case of WhatsApp, the ‘mods’ usually offer alternative options to the original application, such as wallpapers, custom fonts for chats and password protected access to certain conversations, among other features.
According to investigations of this company of cybersecurity, more than 3,600 users would have been exposed to this cyber threat in the last two months by downloading YoWhatsApp, an app advertised on Snaptube and also distributed through Vidmate.
Kaspersky believes that the success of this ‘mod’ is due precisely to the fact that both applications, used by thousands of people around the world, advertise it. However, he thinks that it is most likely that even his developers were not aware of this danger.
According to Kaspersky security analyst Anton Kivva, “advertising in legitimate applications It is a very cunning way that criminals have of spreading malicious applications, since many believe that if the application they use is safe, the advertising that appears in it does not carry any risk either.
Upon installation of the tampered app, users are forced to log in to their real app account. In doing so, receive the Triada Trojan on their deviceswhich downloads and executes malicious payloads on terminals.
They are also made with the credentials of the official WhatsApp application account and can access the Permissions section, where they have the possibility of stealing accounts and make money off the victims enrolling them in paid subscriptions.
To neutralize these risks, the cybersecurity company recommends installing only applications from official stores and reliable sources, check the permissions that are granted to these services and install an antivirus on the device.