Meta Sues App Developers to Steal Over One Million WhatsApp Accounts

Recently, a number of Chinese companies have been sued by Meta because they have created and used “unofficial” WhatsApp Android apps that were developed without the consent of WhatsApp.

It is estimated that the operators of these unofficial apps have stolen over one million WhatsApp accounts since May 2022 with the help of these unofficial apps. The court document said.

The following names have been found to be associated with them:-

  • HeyMods
  • Highlight Mobi
  • HeyWhatsApp

On the sites of each of these companies, as well as from the following stores, these malicious apps could be downloaded at any time:-

  • Google Play Store
  • APK Pure
  • APKSFree
  • iDescargar
  • Malavida

WhatsApp accounts theft

As soon as the malicious apps are installed on the phone, they are hijacked to send spam messages to the users by means of bundled malware capable of harvesting sensitive information, like authentication data.

The malicious apps also include the:-

  • AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods
  • Theme Store for Zap

There have been over one million downloads of AppUpdater for WhatsPlus only, as its entry data on the Google Play Store depicts it.

Will Cathcart, the head of WhatsApp at Meta, issued the following warning to users during the month of July:- 

“For example, he mentioned the apps of HeyMods and HeyWhatsApp in his rant, asking people not to download modified versions of WhatsApp.”

It is always advised that users beware of these malicious apps, as they promise to offer enticing features but in reality, they are nothing more than a scam. The reason is that these malicious apps only steal personal information from people’s smartphones.

As soon as Meta discovered the malicious apps, they shared the information with Google and worked with them to take steps to combat them.

In mid-July, Google Play Protect, an app that ensures the protection of Android devices, released a new update that detects and disables malicious fake WhatsApp versions downloaded in the past.

Terms Breached

Specifically, a part of the complaint describes how malicious apps were used by the threat actors to hack WhatsApp accounts by stealing account information.

In its lawsuit, Meta alleges that the three companies have violated the terms of service and developer license agreement of WhatsApp.

By creating various WhatsApp accounts, Facebook Pages, and apps, the defendants agreed and committed to the following terms:-

  • WhatsApp Terms
  • Meta Terms
  • Platform Terms
  • Developer Policies

They breached their agreement with WhatsApp and Meta by taking illicit actions, resulting in WhatsApp suffering losses due to their actions.

Cyber Attack with Zero Trust Networking – Download Free E-Book

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.