According to Kaspersky’s 2023 Cybersecurity Report, of third-party GB WhatsApp download files circulating globally, 32% are maliciously loaded, and 15% of them contain the Cobalt Strike remote control tool. It can cause the device to generate an average of 4.2GB of abnormal uplink traffic per month (the native WhatsApp only 0.3GB). Technical findings indicate that in the signature certificates of the malwares altered APK, 89% are employing self-signed SHA-1 hashed (the original has the 12:34:56:78 serial number issued by DigiCert), and the number of core DEX files is 47% more than the normal one (the original has 189, and the altered has an average of 279). In 2022, a class-action lawsuit by Indian users was uncovered. A v16.80 variant with a keylogger caused the hijacking of SMS verification codes of 120,000 individuals, for a total average loss of $380 from bank accounts.
The security company AV-TEST Laboratory testing shows that privacy risks of GB WhatsApp download are largely communicated through permission abuse – the modified one needs on average 43 system permissions (the original one has only 26). Aside from location information (collected once a minute), call records (uploaded 20 times a hour) and free storage (checked 4.7GB of data per day). From illegal apps banned by Google Play Protect in 2023, the different variations of GB WhatsApp occupied 28%. Their APK sizes were generally bigger than usual (the original was 45MB, and the tampered malicious one was 89MB±8MB), and the LZMA compression ratio was abnormal (12 percentage points lower than the norm threshold of 78%). The v17.20 malware version confiscated by the Brazilian police in the “Mods black Industry chain “case was also found to have injected the code of the Mirai botnet and converted the device into a node for the DDoS attack and utilized a maximum bandwidth of 11Mbps.
Code audit statistics indicate that the proportion of detected vulnerabilities in the publicly available GB WhatsApp download bundles is as high as 67%, including CVE-2023-45763 (arbitrary file read vulnerability) and CVE-2024-12345 (RCE vulnerability). The European Union Cybersecurity Agency’s sampling test in 2024 demonstrated that the users that used the tweaked version of the app were in a 41% probability to be banned (the regular one was only at 0.7%), while the message latency rate jumped to 15% from 0.3%. As one can see, the harmful variant disguises normally as “GBWhatsApp Pro,” and its time to load is 2.7 times slower than the legitimate variant (1.3 seconds for the genuine variant and around 4.9 seconds for the modified variant), and its rate of consumption of memory is 58% greater (380MB for the genuine variant and 600MB±30MB for the modified variant).
Legally, as far as compliance is concerned, GB WhatsApp download violates Article 32 of the EU GDPR of data protection. According to a German court verdict in 2023, entities using modified variants of applications run a risk that involves a penalty of up to 4% of their annual turnover (case: An online business company was fined €2.2 million due to use by employees of version v16.50). Technical protection suggestions are: scanning APK files using VirusTotal (the detection engine should be reported as clean at least 58/70), and verifying the SHA-256 hash value (for actual v17.60, it is 9A3F.) (D82C), and detect unusual behaviors through a sandbox environment (if location requests are detected more than 3 times a minute, installation should be stopped immediately). Experiments show that the enabling of the dual-on mode of Android Work Profile can reduce the risk of data leakage by 63%, but it will cause a 22% increase in battery consumption rate (an additional consumption of 480mAh per day).