Data Theft

Meta Sues App Developers to Steal Over One Million WhatsApp Accounts

Recently, a number of Chinese companies have been sued by Meta because they have created and used “unofficial” WhatsApp Android apps that were developed without the consent of WhatsApp.

It is estimated that the operators of these unofficial apps have stolen over one million WhatsApp accounts since May 2022 with the help of these unofficial apps. The court document said.

The following names have been found to be associated with them:-

  • HeyMods
  • Highlight Mobi
  • HeyWhatsApp

On the sites of each of these companies, as well as from the following stores, these malicious apps could be downloaded at any time:-

  • Google Play Store
  • APK Pure
  • APKSFree
  • iDescargar
  • Malavida

WhatsApp accounts theft

As soon as the malicious apps are installed on the phone, they are hijacked to send spam messages to the users by means of bundled malware capable of harvesting sensitive information, like authentication data.

The malicious apps also include the:-

  • AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods
  • Theme Store for Zap

There have been over one million downloads of AppUpdater for WhatsPlus only, as its entry data on the Google Play Store depicts it.

Will Cathcart, the head of WhatsApp at Meta, issued the following warning to users during the month of July:- 

“For example, he mentioned the apps of HeyMods and HeyWhatsApp in his rant, asking people not to download modified versions of WhatsApp.”

It is always advised that users beware of these malicious apps, as they promise to offer enticing features but in reality, they are nothing more than a scam. The reason is that these malicious apps only steal personal information from people’s smartphones.

As soon as Meta discovered the malicious apps, they shared the information with Google and worked with them to take steps to combat them.

In mid-July, Google Play Protect, an app that ensures the protection of Android devices, released a new update that detects and disables malicious fake WhatsApp versions downloaded in the past.

Terms Breached

Specifically, a part of the complaint describes how malicious apps were used by the threat actors to hack WhatsApp accounts by stealing account information.

In its lawsuit, Meta alleges that the three companies have violated the terms of service and developer license agreement of WhatsApp.

By creating various WhatsApp accounts, Facebook Pages, and apps, the defendants agreed and committed to the following terms:-

  • WhatsApp Terms
  • Meta Terms
  • Platform Terms
  • Developer Policies

They breached their agreement with WhatsApp and Meta by taking illicit actions, resulting in WhatsApp suffering losses due to their actions.

Cyber Attack with Zero Trust Networking – Download Free E-Book

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

UEFIcanhazbufferoverflow Flaw In Intel Processors Impacts 100s of PCs & Servers

The Phoenix SecureCore UEFI firmware has discovered a new vulnerability, which runs on several Intel…

16 hours ago

New Linux Variant Of RansomHub Attacking ESXi Systems

Hackers often attack ESXi systems, as they are widely used in enterprise environments to manage…

16 hours ago

Over 50% of US Car Dealers Are Shut Down Following CDK Hack Attack

A cyberattack on CDK Global, a major provider of automotive dealership software solutions, has caused…

18 hours ago

Hackers Published Sensitive Data Stolen From London Hospitals

A cyber-attack on London hospitals resulted in the publication of sensitive data stolen from Synnovis,…

19 hours ago

Hackers Employing FB Infrastructure to Steal Your Account Passwords

Cybercriminals in password theft are constantly developing new ways to deliver phishing emails. They’ve learned…

19 hours ago

CISA Issues New Advisory for Industrial Control Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory concerning a critical…

20 hours ago