WhatsApp clones are malware in disguise — here’s how to stay safe

(Image credit: Anadolu Agency / Getty Images)

You have to be careful about which apps you install, because you never know what could be a dangerous knockoff trying to steal your data. One prime example of this has been revealed by security researchers at Kaspersky, which has revealed two fake WhatsApp Android apps that aim to steal user access keys.

The two apps are called “YoWhatsApp” and “WhatsApp Plus," and are designed to offer special features in addition to the usual suite of WhatsApp tools. The Kaspersky report (via Bleeping Computer) notes that YoWhatsApp offers a customizable interface and individual chat room blocks.

Sadly, as is far too common, these apps have a nefarious purpose: stealing user access keys with the help of the Triada Trojan. Once those keys have been acquired, it gives attackers the chance to access unwitting victims’ accounts. 

This then allows the attackers to do various things without your consent, including subscribing you to premium services that they control. Gaining cyber criminals money, and draining your bank account in the process. Having access keys also gives hackers the ability to eavesdrop on conversations and steal personal data.

Other dangers include account takeover and impersonation, both of which could be used to spread malware or scams to your contacts — should the attackers feel the urge.

Kaspersky hasn’t said whether stolen access keys have been exploited yet, but revealed the knockoff apps were being advertised by other, legitimate apps like Snaptube and Vidmate. Though the company suspects that those apps had no clue they were being used to advertise malware and have since been notified.

Sadly, this kind of thing is not uncommon, and earlier this month WhatsApp parent company Meta sued multiple Chinese companies, which it accused of stealing over a million WhatsApp accounts via fake versions of WhatsApp.

Bleeping Computer notes that not all WhatsApp clones are deliberately malicious. That said, it's always safest to avoid these sorts of cloned apps, and stick to the official versions that aren’t trying to steal from you. Users with knock-off apps installed should also uninstall them as soon as they can.

It’s also recommended that you avoid side-loading apps via APK files, since they haven’t gone through the safety checks afforded by Google Play. Security on Google Play (and to a lesser extent Apple's App Store) is far from perfect, but it's a heck of a lot safer than installing software from unknown sources.

Tom Pritchard
UK Phones Editor

Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.