TLDR
Sideloaded 'WhatsApp Plus' / 'GBWhatsApp' / 'YoWhatsApp' / Telegram mod apps promise extra features (multi account, themes, no blue ticks). Distributed via Telegram channels, Reddit, third party APK sites. Variants embed spyware that reads...
How it works
Sideloaded 'WhatsApp Plus' / 'GBWhatsApp' / 'YoWhatsApp' / Telegram mod apps promise extra features (multi account, themes, no blue ticks). Distributed via Telegram channels, Reddit, third party APK sites. Variants embed spyware that reads...
Red flags
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What to do
- 1Tells: 1) you're installing WhatsApp from a non Play Store source; 2) requested permissions exceed normal WhatsApp scope (Device Admin, Accessibility); 3) modder hosts on a free host domain; 4) mod version number is suspiciously high (e.g.
Source
ESET-WhatsApp-Mod
Source reviewed by Mythos Forensic Team
https://www.welivesecurity.com/2023/09/08/telegram-signal-whatsapp-mods-spyware/FAQ
Is WhatsApp / Telegram modded APK with embedded trojan a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What should I do first?
Tells: 1) you're installing WhatsApp from a non Play Store source; 2) requested permissions exceed normal WhatsApp scope (Device Admin, Accessibility); 3) modder hosts on a free host domain; 4) mod version number is suspiciously high (e.g.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.