Meta has sued companies doing business as "HeyMods," "Highlight Mobi" and "HeyWhatsApp" for stealing over a million accounts using unofficial WhatsApp Android apps, Bleeping Computer has reported. The malware-infested apps were available on several APK sites and even the Google Play Store, according to the complaint.
"After victims installed the Malicious Applications, they were prompted to enter their WhatsApp user credentials," according to the suit filed in the US District Court in San Francisco. "The Defendants programmed the Malicious Applications to communicate the user's credentials to WhatsApp's computers and obtain the users' account keys and authentication information."
We’ll of course continue our efforts to detect and block these kinds of apps going forward. We're also taking enforcement action against HeyMods to stop future harm, and will further explore legal options to hold HeyMods and others like them accountable.
— Will Cathcart (@wcathcart) July 11, 2022
The apps in question are called "Theme Store for Zap" and "AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods" among others. The latter app was installed more than a million times for the Google Play Store, according to Bleeping Computer.
WhatsApp chief Will Cathcart warned users not to download the fake apps, saying they "were just a scam to steal personal information stored on people's phones." He added that Meta's findings were shared with Google, and in July, Google Play Protect was updated to detect and disable the fake apps. "We're also taking enforcement action against HeyMods... and will explore legal options to hold HeyMods and others like them accountable," he said.
Meta said the developers effectively breached their agreements, though jurisdiction isn't clear as the complaint indicates that the companies are organized under the laws of three different regions (Hong Kong, Beijing and Taiwan). In any case, Cathcart gave some advice that applies universally to any app: "If you see friends or family using a different form of WhatsApp please encourage them to only use WhatsApp from a trusted app store or our official website directly at http://WhatsApp.com/dl."