Sakina Tashrifwala
Published on: October 8, 2022 at 18:06 IST
Meta, the parent company of Facebook, has filed a lawsuit against three Chinese developers, accusing them of developing counterfeit WhatsApp Android applications that were used to steal over a million user accounts.
The company also stated that it has detected 400 applications designed to steal Facebook login information and has reported them to Apple and Google.
On Tuesday, the internet behemoth sued Rocky Tech, Luokai Technology, and ChitChat Technology—three independent firms situated in Hong Kong, Beijing, and Taipei City, respectively—in a U.S. District Court in San Francisco.
The defendants are accused of supporting a plot to take over more than one million WhatsApp accounts by utilising trojanized programmes marketed as “modified” versions of WhatsApp.
These applications, which were marketed as “legal alternatives” to the encrypted messaging service, were in fact infected with malware and would steal personal device information, enabling account takeovers.
I’m not sure why someone would want a shady “modified” version of an app that is already free and easy to get, but well, it is what it is! The victims presumably already had WhatsApp accounts but were dissatisfied with the customization options? The fake programme versions are believed to have offered the ability to modify the “look and feel” of WhatsApp accounts, as well as theme and colour changes.
“After victims installed the Malicious Applications,” the suit claims, “they were prompted to enter their WhatsApp user credentials and authenticate their WhatsApp access on the Malicious Applications.”
The defendants would then facilitate the “misappropriation of users’ WhatsApp account keys, which include authentication information from the victim’s device and used them to access the victim’s WhatsApp account without authorization.”
Unfortunately, this appears to have happened fairly frequently. According to the lawsuit, the scam duped “nearly one million WhatsApp users into self-compromising their accounts.” Once accounts were compromised, the criminal actors would typically use their access to send commercial spam messages.
Meta claims it has already sent cease and desist letters to the criminal actors, blocked Facebook accounts associated with the scam, and reported the fraudulent apps to the Google Play store and other third-party platforms to have them removed.
According to Bleeping Computer, Android’s Google Play Protect has been updated since July to detect and deactivate previously downloaded versions of the fraudulent apps.
These aren’t Meta’s only problems with account takeovers. Meta’s security team issued a report on Friday stating that the company has recently discovered 400 separate mobile applications designed to steal Facebook user login information.
These trojans—355 for Android and 47 for iOS—snuck their way onto the Google Play and Apple App Stores, where they were disguised as picture editors, gaming apps, and VPN services.
In actuality, the applications stole users’ login information and enabled account hijacking.
According to Meta, the applications have subsequently been removed.
According to the report, “malicious developers construct malware applications masquerading as apps with entertaining or helpful features — such as cartoon image editors or music players — and launch them on mobile app stores.”