An unofficial version of the popular WhatsApp messaging app called YoWhatsApp has been observed spreading an Android Trojan known as Triada.
The goal of the malware is to steal keys that “allow WhatsApp account usage without an app”. “If the keys are stolen, the malicious WhatsApp mod user may lose control of their account.”
Usually spread through fraudulent advertisements on Snaptube and Vidmate, the app, upon installation, asks victims to grant it permissions to access SMS messages, enabling malware to sign them up for paid subscriptions without their knowledge.
Successful theft of the keys can lead to a full account hack, allowing the adversary to access chat messages and even impersonate the victim to send spam and perform financial fraud.