Meta sues several app developers for allegedly stealing 1 million WhatsApp accounts

Once accounts were hijacked, they were used to send spam messages.

NurPhoto via Getty Images

Meta has sued companies doing business as "HeyMods," "Highlight Mobi" and "HeyWhatsApp" for stealing over a million accounts using unofficial WhatsApp Android apps, Bleeping Computer has reported. The malware-infested apps were available on several APK sites and even the Google Play Store, according to the complaint.

"After victims installed the Malicious Applications, they were prompted to enter their WhatsApp user credentials," according to the suit filed in the US District Court in San Francisco. "The Defendants programmed the Malicious Applications to communicate the user's credentials to WhatsApp's computers and obtain the users' account keys and authentication information."

The apps in question are called "Theme Store for Zap" and "AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods" among others. The latter app was installed more than a million times for the Google Play Store, according to Bleeping Computer.

WhatsApp chief Will Cathcart warned users not to download the fake apps, saying they "were just a scam to steal personal information stored on people's phones." He added that Meta's findings were shared with Google, and in July, Google Play Protect was updated to detect and disable the fake apps. "We're also taking enforcement action against HeyMods... and will explore legal options to hold HeyMods and others like them accountable," he said.

Meta said the developers effectively breached their agreements, though jurisdiction isn't clear as the complaint indicates that the companies are organized under the laws of three different regions (Hong Kong, Beijing and Taiwan). In any case, Cathcart gave some advice that applies universally to any app: "If you see friends or family using a different form of WhatsApp please encourage them to only use WhatsApp from a trusted app store or our official website directly at"