Meta Sues Chinese Devs Over WhatsApp Malware Plot

Written by

WhatsApp parent company Meta is suing three Chinese developers for allegedly tricking users into downloading fake versions of the app that harvested their login details.

WhatsApp and Meta are listed as plaintiffs in the case, filed in the US District Court for the Northern District of California this week, against Hong Kong’s Rockey Tech HK and Beijing Luokai Technology, and Taiwan’s ChitChat Technology.

The defendants are accused of distributing at least two malicious apps, “AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods” and “Theme Store for Zap,” which misused WhatsApp trademarks. They were apparently promoted for download on Google Play and third-party app marketplaces.

Once installed, the apps collected user credentials, then proceeded “to communicate the user’s credentials to WhatsApp's computers and obtain the user’s account keys and authentication information.” The malware then allegedly transmitted this access information back to the developers.

The developers used access to victims’ WhatsApp accounts to send spam to their contacts, the complaint alleges, according to Law360.

The tech giant is suing the trio of developers not only for misusing and infringing upon WhatsApp's trademarks but also for breaching Meta contract terms. That’s because they created business accounts and Facebook pages.

“Defendants agreed and became bound by the Meta terms, platform terms, and developer policies when they created various Facebook pages and applications,” the suit reportedly states. “Defendants breached these agreements with Meta by taking the actions described.”

WhatsApp and Meta complained that they have spent significant “efforts and resources” to “investigate, address, and mitigate” the issues set out in the complaint.

Referring to the trio of Chinese companies, a statement from the messaging giant said it is hoping the legal action will “put developers like them on notice.”

What’s hot on Infosecurity Magazine?