Brazil is the second most attacked country by new malware that uses WhatsApp
A new virtual attack is circulating: YoWhatasApp users – a WhatsApp modification known for having features that the official app does not offer – download the tool and get a trojan as a “freebie” that opens a door on the mobile device and allows criminals to steal users’ data and passwords.
According to Kaspersky, a cybersecurity company, this attack has already claimed more than 3,600 victims worldwide in the last two months.
Brazil was the second most attacked, with 400 victims, behind only Russia, with 499 records. The Triad Trojan, besides downloading other viruses, can steal WhatsApp accounts.

According to information from the network, WhatsApp is one of the most used messaging apps in the world, with 2 billion users.
In Brazil, there are 120 million users. This reach, according to Kaspersky, means that many people who use the platform are looking for new features that the settings of the original application do not have.
For this reason, many prefer to download modifications such as custom backgrounds and fonts in the chats or even password-protected login in certain conversations. However, these modifications (mods) are not always safe.
Kaspersky has already discovered another modification that spreads the Triad trojan to mobile devices.
Researchers have observed that fraudsters continue to take advantage of the platform’s popularity to create malicious modifications, such as some versions of the so-called YoWhatsApp.
To use YoWhatsApp, users need to log into the account of the legitimate app. However, along with the new features, Triad is also downloaded.
After infecting the victim, the cybercriminals run the malware on the device and control the individual’s account on the official WhatsApp app, which gives them the ability to steal logins and take money from victims by making paid subscriptions that users don’t even know exist.
To infect as many people as possible, the cybercriminals have resorted to a new distribution scheme; now, the well-known Android app, Snaptube, used to download videos from YouTube, Facebook, and Instagram.
Because of the app’s popularity, many victims are unaware that this modification can be dangerous.
VIDMATE APP
YoWhatsApp is also being distributed via the Vidmate app. In addition to being used to download videos from YouTube, this app contains an unofficial Android app store.
There, attackers have published a malicious version of YoWhatsApp called “Whatsapp Plus”. Since Vidmate is not an official app store, the likelihood of malicious apps being distributed there is higher.
“Advertising in legitimate apps is a clever way for criminals to spread malicious apps because many believe that if the app they are using is safe, the ads that appear there also do not carry any risk.
“However, as we can see, this is not always the case. We, therefore, recommend that people only download applications from official stores.
“They won’t always have the same number of customized features, but they will certainly be much safer, reducing to a minimum the possibility of losing your account or your money,” comments Fabio Assolini, director of Kaspersky’s research and analysis team for Latin America.
WHAT WHATSAPP SAYS
Sought, WhatsApp stated that there is no other version of WhatsApp other than the official ones: WhatsApp Messenger and WhatsApp Business.
“The non-compatible apps are modified versions of WhatsApp. They were developed by third parties and violate our Terms of Service,” it said in a statement.
The company further added that it “does not allow the use of its service for unlawful or unauthorized purposes, such as violating third-party rights, inciting or encouraging unlawful and inappropriate conduct, including coordinating actual harm.”
It further stated that if a user violates the app’s terms of service or policies, WhatsApp can take action regarding that account, such as deactivating or suspending it.
The app explains that reporting can be done directly in conversations, through the “Report” option available in the app’s menu (Menu > More > Report) or by pressing longer on a message and going to Menu > Report.
“Users can also send reports to the e-mail [email protected], detailing what happened with as much information as possible and even attaching a screenshot,” it says in a note.
HOW TO PROTECT YOURSELF?
- Avoid clicking on links or ads that promise prizes, commonly sent by messaging applications or via SMS.
- For those who have been victims of the scam, it is recommended to write down the transaction data and file a report at the police station.
- Avoid posting personal or work information. Leave only the essentials on specific networks for this, such as LinkedIn.
- Do not accept help from strangers: calls offering support and unrealistic opportunities are scam attempts. Never give out your personal data, and always check the official channels for assistance.
- Use and update your antivirus: whether on your personal computer or at work, check if the protection software is up to date and if the company offers other tools such as VPN and two-step verification.
- Be careful when installing tools on your machine. Don’t download programs and software from suspicious and unknowing sites. They may be illegal or even contaminated with malware.
- Enable two-step confirmation. Make verification active in your applications, especially social networking, banking apps, and digital accounts, whenever possible.
With information from Extra
Read More from The Rio Times