This WhatsApp Android knock-off is hijacking user accounts
Date:
Thu, 13 Oct 2022 20:01:34 +0000
Description:
Kaspersky uncovers two WhatsApp knockoffs stealing user data.
FULL STORY ======================================================================
Multiple WhatsApp knockoff applications have been discovered stealing the legitimate WhatsApp user access keys, researchers have found.
With these keys, the apps' authors can run all kinds of malicious campaigns, including one where the victims lose their hard-earned money.
Cybersecurity researchers from Kaspersky recently discovered two messaging apps for Android, obviously targeting WhatsApp users. One is called YoWhatsApp, and the other WhatsApp Plus. Both these apps offer pretty much the same functionalities as the actual WhatsApp app, and then some. As per the report, YoWhatsApp apparently also comes with a customizable interface, and individual chat room blocks.

Stealing access keys
What users don't see, however, is these apps stealing legitimate WhatsApp's access keys and sending them to the knockoffs' authors, giving the attackers access to the victims' user accounts.
According to Kaspersky, the keys can be used in open-source utilities and allow attackers to perform various actions without the users' consent. Besides performing actions, the attackers can also eavesdrop on the conversations, steal identity data, and similar.
The researchers also said the attackers could use this access to subscribe the victims to premium services, charging them in the process and generating income.
The apps were being advertised via a couple of legitimate Android apps, and Kaspersky suspects the developers did not know they were being used to advertise malware. The authors have since been notified, and Kaspersky
expects these distribution channels to be closed soon. Still, users that downloaded these apps will be at risk for as long as the apps are installed
on their endpoints.
Popular Android apps have many knock-offs, and while not all of them are malicious, it would be best to just stay away from them, researchers suggest. These kinds of apps are rarely found on Google's official app repository, the Play Store, and are instead downloaded as an .APK from third-party sources. That, alone, should be enough of a red flag, they say.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/whatsapp-knock-off-for-android-is-hijacking-user-accounts/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)