Dubbed as “WhatsApp Plus”, the app disguises itself as the pro-variant of WhatsApp offering additional functionality and lots of handy new features like running four WhatsApp accounts, hide ‘typing message’ notification, hide double ticks and blue ‘read’ ticks, mentions a report by Malwarebytes Lab. However, the app instead steals personal information from the phone, including photos and phone numbers, and replaces it with malware. Fortunately, while the app is not available on the Google Play Store or Apple App Store, the APK file of the app is in circulation online via comments on blogs and forums targeting potential users who fall for it and download it on their smartphones. The illegal version of WhatsApp is said to be a variant of WhatsApp riskware Android/PUP.Riskware.Wtaspin.GB, which is a WhatsApp riskware that dates back to mid-2017. When the APK is installed, the app displays a greeting message with a gold WhatsApp Plus logo in the center, a URL link and a permission ‘box’ to redirect to a download. It asks for permission to ‘agree and continue’, if accepted it redirects the user to a website with content written in Arabic and tells visitors to download ‘Watts Plus Plus WhatsApp’. Once installed, the app reportedly collects user information. The researcher who published the findings states, “I am not certain exactly what this does, but from the sandbox reports it looks like it has the potential to steal information, photos, phone numbers etc from your mobile phone.” In other words, the app can get access to a user’s personal info and upload it to their own server. If you have unknowingly downloaded the fake version of WhatsApp, it is advisable to uninstall the app immediately. To avoid such a situation, it is always advisable to refrain from installing any non-verified apps and games and download them only from the official Google Play Store or Apple App Store.