2 min read

Meta sues Chinese app developers for compromising over 1 million WhatsApp accounts

Alina BÎZGĂ

October 07, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Meta sues Chinese app developers for compromising over 1 million WhatsApp accounts

Facebook’s parent company, Meta, has sued a set of Chinese app developers said to have developed unofficial versions of WhatsApp to trick users into handing over their login credentials.

Meta says that over 1 million WhatsApp accounts have been compromised.

The Chinese-based business, known as HeyMods, Highlight Mobi, and HeyWhatsapp, are believed to have developed “malicious” versions of the Meta-owned instant messaging app that “mislead over one million WhatsApp users into self-compromising their accounts as part of an account takeover attack.”

According to Meta’s complaint, the malicious apps were available for download on multiple platforms, including the Google Play Store, APK Pure, APKSFree, iDescargar and Malavida, between May and July 2022.

“Beginning no later than May 2022 continuing until at least July 2022, Defendants facilitated an account takeover attack targeting WhatsApp and its users,” the complaint reads. The defendants “developed and distributed on various websites, including heymods.com and the Google Play Store, at least two Malicious Applications and multiple versions thereof, which contained malware and were designed to trick victims into self-compromising their WhatsApp accounts.”

Meta says that, once installed, the malware-ridden apps harvested user info to hijack WhatsApp accounts and send spam messages from compromised accounts.

"After victims installed the Malicious Applications, they were prompted to enter their WhatsApp user credentials and authenticate their WhatsApp access on the Malicious Applications," Meta’s complaint says. "The Defendants programmed the Malicious Applications to communicate the user's credentials to WhatsApp's computers and obtain the users' account keys and authentication information (collectively, 'access information')."

In July of this year, the head of WhatsApp, Will Cathcart, also warned users not to download any modified versions of the application as they pose a serious threat to their privacy and account security.

"These apps promised new features but were just a scam to steal personal information stored on people's phones,” Cathcart tweeted. “We've shared what we found with Google and worked with them to combat the malicious apps."

“If you see friends or family using a different form of WhatsApp please encourage them to only use WhatsApp from a trusted app store or our official website directly at http://WhatsApp.com/dl,” he added.

Bitdefender security solutions cater to all your digital needs. To protect against malicious software you may unwittingly download on your phone, check out Bitdefender Mobile Security for Android.

Our dedicated mobile security solution helps you avoid cyberthreats with a comprehensive malware scanner, automated scanning of newly installed apps and an anti-phishing module to protect against scams and fraudulent webpages.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison
Vlad CONSTANTINESCU

December 05, 2022

1 min read
Hive Social Taken Offline as ‘Critical Vulnerabilities’ Could Expose Private Messages, Other Data Hive Social Taken Offline as ‘Critical Vulnerabilities’ Could Expose Private Messages, Other Data
Filip TRUȚĂ

December 05, 2022

1 min read
Malicious Actors Exploit TikTok ‘Invisible Challenge’ to Steal Users’ Info Malicious Actors Exploit TikTok ‘Invisible Challenge’ to Steal Users’ Info
Alina BÎZGĂ

December 02, 2022

2 min read