WhatsApp warns its users about fake apps that imitate messaging. Promising additional functions, they actually contain malware that steals the personal data of their victims.

WhatsApp warns its users about fake apps that imitate messaging. Promising additional functions, they actually contain malware that steals the personal data of their victims.

With its billions of users – and therefore potential victims – WhatsApp is often the target of hackers who lack neither ingenuity nor nerve to achieve their ends. The application is thus regularly targeted by phishing campaigns. In some cases, scammers even randomly call users to convince them to dial a special number. If the contacted person complies, they are logged out of their WhatsApp account, while hackers take control of their account. And that’s without taking into account the fake, virulent applications that currently abound on application stores and websites…

WhatsApp: fake apps that steal personal data

Will Cathcart, head of WhatsApp at Meta Group – which also owns Facebook, Instagram and Messenger – warned users in a tweet about fake WhatsApp apps. While they promise additional features, they actually contain malware that steals victims’ personal data. This is the case of the “Hey WhatsApp” application, which notably offers to personalize its interface.

“Downloading a fake or modded version of WhatsApp is never a good idea. These apps seem harmless, but they can circumvent WhatsApp’s privacy and security safeguards,” explains Will Cathcart. That is why it is imperative to download the WhatsApp application through the official store or on the website of the messaging service.

A recurring problem for Android users

This issue is only for Android users as the Play Store contains lots of infected apps. Apple, on the contrary, only allows downloading apps approved by the App Store. Fortunately, WhatsApp is currently working with Google to combat this issue. For example, Google Play Protect can now detect and disable these malicious apps, even after they’ve been installed. “We will of course continue our efforts to detect and block these types of apps in the future. We are also taking enforcement action against HeyMods to stop future harm, and we will explore new legal options to hold HeyMods and others like them responsible, said Will Cathcart. “Cellphone malware is a pernicious threat that must be countered, and the security community continues to develop new ways to prevent its spread.” Similarly, WhatsApp continues to add new features to its messaging, such as the ability to have one account for two smartphones and new privacy features, to discourage its users from turning to third-party applications.

If, on Android, alternative stores are authorized – Amazon App Store, AppGallery, Samsung Galaxy Store – this is not the case for Apple devices. The apple firm justifies this decision by the need to secure the personal and banking data of users, which it cannot do without having full control of all the links in the value chain. By preventing the installation of prohibited applications, Apple prevents those of malware. In return, it heavily charges the developers…

However, Apple may soon be forced to open up its operating system by allowing access to competition. Indeed, the European Union is in the process of putting in place new rules for digital players: the DMA (Digital Markets Act) and the DSA (Digital Services Act). “The European Parliament has achieved a world first by adopting strong and ambitious regulation of online platforms”said Margrethe Vestager, Executive Vice-President of the Commission for Digital Affairs, in a press release announcing adoption by the European Parliament. “Digital Services Law helps protect the rights of users online, while Digital Markets Law helps create fair and open online markets. […] Big platforms will have to refrain from promoting their own interests and will have to share their data with other companies and allow more app stores.”