Your Whatsapp Conversation May Have Been Stolen and Available for Sale

If you may have installed an Android game from its official Play Store called “Balloon Pop 2” then your Whatsapp chat must have been stolen and may have been available over the Internet for sale.

clip_image002

Google has recently removed a game called “Balloon Pop 2” from its PlayStore after it was discovered to be fraudulent and was stealing Whatsapp conversations database of its users, the perpetrators are even selling user’s Whatsapp database online on their very own website called WhatsappCopy.

The website content however is written in Spanish language, revealing that the developers are based somewhere in the Spain; here is the translated screenshot of the Website homepage for your ease,

clip_image004

Even though, the game has already been deleted from the Play Store, the apk is still available everywhere in the wild including the developer’s very own website to download, as can be seen in the screenshot above.

On the other hand, the Game/Website developers are claiming it to be a valid app by stating that their game is offering the way to back-up WhatsApp history to its users; they are even promoting it as a backing-up solution openly.

However after a little research of the website it appeared as the developer’s intentions were completely opposite of what they claimed it to be, here is another screenshot from the website with its translated version,

clip_image006

It translates as, “Want to be notified when you receive a new backup from phone (0331-xxxxxxx)?”

From the above screenshot it is obviously clear that anybody could get notification about the availability of anyone’s Whatsapp conversation history through an e-mail with no authentication whatsoever.

On the side note, if the developer’s purpose were to really offer backing-up solution then they would have warned its users about it at the time of installation of the game. However, this is not true because, without the provision that the users already aware about the website, they never would learn that their private chats is available to anyone who know their mobile number.

Security researcher Graham Cluley who was the first to highlight this matter, has claimed that McAffee is already working to update their Android based Antivirus to detect any script executed by BalloonPop2 application,

“McAfee tell me that they are adding detection of the offending BalloonPop2 application as Android/Ballonpoper for their customers, and I imagine other vendors will follow in due course.” He said.


  • Azi

    which website is this screenshot?

  • Rizwan Yaqoob

    Malware attacks increased by half in Android OS after Windows. Being open source Android could face serious issues while iOS is safe on the other hand.

    • Shoaib

      Linux is open source. How many hacks and malwares do you see on Linux? (I know, I know. Android is based on Linux. I’m talking about the desktop version of Linux)

    • ExFat

      Even if it does happen on iOS, apple removes or recovers it immediately releasing iOS updates.. in Android case, we rely on our vendor who probably does not release any software for updating device to latest version of Android or fixing such issues. We stick with the software we bought year ago or change our device.

    • Salman Abbas

      WhatsApp is known for their careless attitude towards security, stop badmouthing open source software for that. This would never have been possible if they encrypted the conversations.

      • Javed Khan

        Remember folks, a computer/ device can only be as secure as the user operating it. You’ve nobody but yourself to blame if you end up getting infected just because of some stupid too good to be true offer caught your eye :p

  • I met a person he logged in my whatsapp id within few seconds and told me about my recent messages/contacts

    • Azi

      how he logged in ?

      • i don’t know, he just asked for my whatsapp number

  • Hasan Saeed

    This is still news to some??? Just Google “Whatsapp security” and read till your eyes bleed. No one should consider Whatsapp to be secure