Chinese firms sued by Meta for stealing 1M+ WhatsApp accounts

Chinese companies HeyMods, HeyWhatsApp, and Highlight Mobi have been charged by Meta for allegedly developing and utilizing unofficial WhatsApp Android apps to facilitate the theft of more than 1 million WhatsApp accounts since May, according to BleepingComputer. Such apps, which have been available not only from the firms' sites but also in the Google Play Store, APK Pure, and other app stores, include malware with sensitive data exfiltration capabilities, which could then allow WhatsApp account hijacking, said Meta in its complaint. "The Defendants programmed the Malicious Applications to communicate the user's credentials to WhatsApp's computers and obtain the users' account keys and authentication information (collectively, 'access information')," the complaint said. Users have been warned by Will Cathcart, head of WhatsApp at Meta, in July against downloading modified WhatsApp versions, such as the apps developed by HeyMods and HeyWhatsApp. "These apps promised new features but were just a scam to steal personal information stored on people's phones. We've shared what we found with Google and worked with them to combat the malicious apps," said Cathcart.