An Android app dubbed WhatsApp Plus has been unmasked as a variant of Android/PUP.Riskware.Wtaspin.GB, which steals information, photos, phone numbers and so on from a mobile phone.
Fake WhatsApp riskware, usually found in third-party app stores, dates back to mid-2017. However, the newest version is notable in that its pathology indicates a copycat phenomenon occurring among malware developers.
The malware, once installed, tells users that their app is out of date and offers a download link. Once clicked, users are taken to a webpage written entirely in Arabic. The page calls the app “Watts Plus Plus WhatsApp” and purports to be developed by someone named Abu.