WhatsApp mods being used to spread malware, warns Kaspersky

A malicious version of a popular WhatsApp messenger mod is being used to download the powerful Triada mobile trojan on Android devices.

Security researchers at Kaspersky have found that an unofficial version of YoWhatsApp – which offers various customisation options to users – is deploying malware that allows the use of a WhatsApp account without the app. The Triada trojan can be used to sign victims up to unwanted paid subscriptions and allow criminals to impersonate the victim to conduct financial fraud.

The compromised version of YoWhatsApp is being advertised on legitimate services such as Snaptube and Vidmate, and via an unofficial Android app store. Advertised as WhatsApp Plus, the add-on allows users to block calls from unsaved numbers, bulk message, access new privacy features and set additional wallpapers and themes. Its presence on legitimate websites makes potential victims less wary, and Kaspersky estimates around 3,600 users had been duped by mid-October.

One million accounts

Last year, Kaspersky discovered that another WhatsApp mod, FMWhatsApp, was being used to deliver Triada malware. Meta Platforms is also suing companies doing business as HeyMods, Highlight Mobi and HeyWhatsApp for allegedly stealing over one million accounts using unofficial apps on Android.

WhatsApp chief executive Will Cathcart has warned users not to download fake apps, calling them “a scam to steal personal information stored on people’s phones”.