Meta has sued several Chinese companies (including HeyMods, Highlight Mobi and HeyWhatsApp) for developing and using “unofficial” WhatsApp apps for Android. The fact is that since May 2022, these applications have been used to steal more than a million WhatsApp accounts.
By the way, also read our article: Top Facebook Scams 2022: How to Avoid Them.
According to court documents shared by Bleeping Computer journalists, malicious applications, in particular, were available for download from the websites of the companies themselves, as well as through the Google Play Store, APK Pure, APKSFree, iDescargar and Malavida.
After installing applications (including AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods and Theme Store for Zap), they used the built-in malware to collect sensitive user information, including authentication data, and then took over other people’s WhatsApp accounts to send spam.
At the same time, according to the official statistics of the Google Play Store, only the AppUpdater for WhatsPlus application has been installed more than a million times.
A gambling site that spammers advertised on WhatsApp
It is worth noting that last summer, the head of WhatsApp, Will Cathcar, warned users not to download modified versions of WhatsApp, and cited HeyMods and HeyWhatsApp as examples. Cathcart wrote that the company’s security service discovered hidden malware in these applications, and their main goal is to steal users’ personal information.
Interestingly, at the same time that the media learned about this lawsuit, Meta published an official press release in which it also stated that it had discovered more than 400 malicious applications that stole user data. However, here we are talking not only about applications for Android (355 pieces), but also about applications for iOS (47 pieces), and theft of credentials from Facebook accounts was named as their purpose.
By prompting victims to “Log in with Facebook,” the apps ended up stealing user credentials, hijacking other people’s accounts, and being able to “perform activities such as sending messages to friends and gaining access to personal information.”
More than a million users have reportedly been notified of the potential compromise and are now urged to change their passwords and enable two-factor authentication.