WhatsApp is one of the popular messaging apps in the market, used by billions of people across the world. But this has made it a hotbed for attackers, forcing users to use fake versions of WhatsApp full of malware. We’ve always known about this issue, but this week, Will Cathcart, head of WhatsApp at Meta, shared some pointers that everyone should follow carefully.
Cathcart shared a list of issues with modified/fake WhatsApp version which may not sound suspicious but can have a big impact on your smartphone.
reminder to @WhatsApp It is never a good idea for users to download a fake or modified version of WhatsApp. These apps seem harmless but they can work around WhatsApp privacy and security guarantees. a thread:
— Will Cathcart (@wcathcart) 11 July 2022
In this thread, Cathcart talks about a hidden malware found in these modified versions of WhatsApp by the security team. These apps were available outside the Play Store, making it easy for a developer called “HeyMods” to include Hey Whatsapp and other apps.
He points out that while such apps promise new features, their sole purpose is to steal personal information from your devices. Cathcart mentions that details about these apps have been shared with Google to remove them from the ecosystem. He also states that WhatsApp will continue to detect and block such apps. He adds that WhatsApp is also taking enforcement action against Hemodes and will pursue legal options to hold such developers accountable.
And he wraps up the thread with a word of advice for users, asking them to download WhatsApp only from trusted app stores or install them directly from WhatsApp’s official website.
Because WhatsApp has a strict mechanism for such accounts, and if they are found using fake/modified versions, the accounts can be banned or other action can be taken against them.
It’s good to see the head of WhatsApp come forward and share this information, but it must be said that Google still needs to do a lot of work to stop malicious apps from being listed on the Play Store. It cannot be denied that the system has improved, but with changing attack methods, the security needs to be upgraded to match the needs.