Beware of third-party WhatsApp clients: Malware has been found to have stolen over a million WhatsApp accounts.
If you still use applications like WhatsApp Plus, today you have one more reason to stop: Meta has sued several Chinese software companies for carrying out the theft of more than a million WhatsApp accounts via unofficial WhatsApp clients targeting Android.
The thefts began in May 2022, and over the months, the developers have managed to overcome the barrier of million accounts stolen. According to the lawsuit document presented by Meta, these applications could be downloaded through app stores such as Google Play Store, APK Pure, APKSFree, iDescargar or Malavida, among others.
You should never use unofficial WhatsApp clients: your account could be at risk.
WhatsApp warns once again about the danger of unofficial clients
The main leader of WhatsApp, Will Cathcart, has been one of those responsible for warning about this serious security problem that would have affected more than a million WhatsApp users around the world.
Explain what malicious appsmostly coming from the developer under the name “HeyMods”, contained malware capable of collect sensitive user information stored on their devices, as well as carry out the whatsapp account theft. Infected apps include famous third-party WhatsApp clients like heywhatsappand other tools like AppUpdater for WhatsPlus 2021 GBI FM HeyMods and Theme Store for Zap.
The defendants programmed the malicious applications to communicate user credentials to WhatsApp computers and obtain users’ account keys and authentication information.
One of the applications mentioned, AppUpdater for WhatsAplusaccumulated at the time of discovery over a million downloads in total through the Google Play Store. It wasn’t until July that the app store’s protection system, Google Play Protectwas updated to detect the threat posed by this application.
From Meta they assure that they are going to take legal action against HeyMods to prevent the company from acting again in the future. Likewise, it will search for all the companies that are carrying out any type of attack of this type.
If you see friends or family using a different form of WhatsApp please encourage them to only use WhatsApp from a trusted app store or our official website directly at https://t.co/YAJdT4emYv.
— Will Cathcart (@wcathcart) July 11, 2022
Already in the month of July, when WhatsApp was aware of the threat, the Cathcart alerted users of the messaging platform about the serious risks involved in using a third-party WhatsApp client. He warned that, although these apps seem harmless, they are capable of circumventing WhatsApp’s privacy and security guarantees. And it seems that he was right.