Meta has filed lawsuits against entities operating as “HeyMods,” “Highlight Mobi,” and “HeyWhatsApp” for hijacking over a million accounts via unauthorized WhatsApp Android applications.
According to the lawsuit, the malware-filled programs were accessible on several APK websites and even the Google Play Store. The complaint submitted to the US District Court in San Francisco claims that “victims were requested to input their WhatsApp user credentials after they installed the Malicious Applications.” The malicious applications were built by the defendants to transmit the user’s credentials to WhatsApp’s systems and steal the user’s account keys and authentication details.
The programs in question include, among others, “AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods” and “Theme Store for Zap.” According to Bleeping Computer, the later program was downloaded more than a million times from the Google Play Store. Will Cathcart, the head of WhatsApp, issued a warning to users, claiming that the fraudulent applications “were essentially a hoax to steal personal information saved on people’s phones.”
He continued by saying that Google was informed of Meta’s findings, and in July, Google Play Protect was modified to recognize and remove the fraudulent applications. In order to keep HeyMods and other people like them accountable, he added, “We’re also pursuing enforcement action against HeyMods… and will investigate legal possibilities.”
Although the lawsuit implies that the businesses are set up in accordance with the rules of three distinct countries, Meta claimed that the developers had really broken their agreements. However, jurisdiction is unclear in this case (Hong Kong, Beijing, and Taiwan). In any event, Cathcart offered several pointers that are applicable to all apps: If you observe friends or relatives using a different version of WhatsApp, tell them to only download it from a reputable app store or straight from http://WhatsApp.com/dl.