Posted on October 9, 2022 at 4:10 PM
Meta sues app developers for stealing over 1 million WhatsApp accounts
Meta, formerly Facebook, has filed a lawsuit against multiple Chinese companies. The companies in question were conducting business under HeyMods, Highlight Mobi, and HeyWhatsApp.
Meta sues app developers for stealing over 1 million WhatsApp accounts
In the legal complaint, Meta says that the accused companies were developing and reportedly using “unofficial” WhatsApp Android applications. These apps were used to steal more than one million WhatsApp accounts from May 2022.
The Meta complaint further adds that the malicious applications were available for download from the sites belonging to the three companies. Moreover, the apps could also be downloaded from Google Play Store, Malavida, APK Pure, iDescargar, and APKSFree.
Once a user installed these applications, they used bundled malware to collect the sensitive information. One of these applications includes AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods and Theme Store for Zap.
Part of the information stolen from the attacker includes the details of account authentication to hijack WhatsApp accounts and send spam messages. The complaint also notes that users were required to verify their access to WhatsApp accounts, and the information would be used to harvest user details.
“After victims installed the malicious applications, they were prompted to enter their WhatsApp user credentials and authenticate their WhatsApp access on the malicious applications,” the complaint said.
It also appears like the defendants programmed the malicious applications so they could communicate with the user credentials with the WhatsApp computers. The developers obtained account keys and authentication details through these apps. This allowed them to collectively access the accounts of the users that downloaded their apps.
Some of the apps that WhatsApp has complained about are quite popular. One of these apps is App Updater. AppUpdater is an application that is exclusive to WhatsPlus. Over a million Android users installed the app according to its entry on Google Play Store.
Will Cathcart, the head of WhatsApp at Meta, issued a warning to users in July, asking them not to download the modified versions of WhatsApp. Cathcart also pointed to HeyMods and HeyWhatsApp apps as examples of these modified versions.
In the statement, Cathcart also added, “Recently, our security team discovered hidden malware within apps – offered outside of Google Play – from a developer called “HeyMods” that include “Hey WhatsApp” and others.”
Meta shares investigation details with Google
The Meta executive further explained that these applications promised users new features. However, they were just a scam used to steal the personal information stored within people’s phones. The company has shared the details of its investigation with Google and was also working with the company to get rid of these malicious apps preying on user data.
From mid-July, Google issued updates to the Android’s Google Play Protect. The update aimed to detect and disable malicious fake versions of WhatsApp that had been downloaded maliciously. This happened after Meta alerted Google of the results of its investigation.
Cathcart also explained that the company was taking enforcement action against HeyMods to protect users. By suing the developers, Meta wanted to stop future harm to users and explore other legal actions that would hold HeyMods and others accountable.
Part of the complaint against the company is currently focused on how the attacker used malicious applications to steal account details and gain unauthorized access to WhatsApp accounts. In its lawsuit, Meta says that three companies breached WhatsApp’s terms of use and the developer agreement signed by Meta.
According to Meta, the defendants had also agreed, and the company’s terms bound them after creating several WhatsApp accounts. They also agreed and were subject to the terms of Meta, the Platform Terms, and Developer Policies after creating apps and Facebook pages.
WhatsApp has also said that the company caused damages to the social media company. The developers could be forced to pay for these damages if the case against them succeeds.
WhatsApp has said that by the developers taking these actions and stealing user information, they breached their agreement with Meta and WhatsApp. The action also led to WhatsApp sustaining major damages. Part of the damages suffered by the social media company includes the resources deployed in investigating the fraudulent scheme.
Given the wide reach that these apps had, and their listing on Google Play Store, the number of WhatsApp users affected by the infiltration of personal information could be notably high.