Don’t Download This WhatsApp File That Aims To Steal From M-Pesa Users


It’s a well-known fact that we should not download or open links, apps, documents, videos and audios from strangers or random groups. As we worry about the COVID-19 pandemic, it seems others have different plans to cope with this situation. There’s a malware app doing rounds in Kenya, being sent via WhatsApp as a fake Free YouTube app.

Fake YouTube App

The app was discovered by developer Jade Thuo, who has done a thread explaining and debunking the app’s features and purpose. If you haven’t received it yet, it looks something like this.

YouTube Malware AppSo, from what we understand, this Android malware is innocently posing as a YouTube apk. Once installed, it sends texts to your contacts.

This is not the regular ‘tuma kwa hii number’  we are used to seeing. The game has changed and conmen are using apps to target your friends and family.

As you can see in the image above, the app gets permission to read, send and receive messages. It does not stop there. It also asks to be an admin on your android system, thus enabling it to wipe/format your memory card.

Fake YouTube App

With this permission, it is able to text your contacts asking them to send KES 50 via M-PESA to a certain number. The low ask of 50 bob could seem insignificant now but imagine 10 of your contacts send the money. Then what if that it replicates this to 10 other victims! That’s  KES 5,000 just like that.

What are fake apps?

Fake mobile apps are Android or iOS applications that mimic the look and/or functionality of legitimate applications to trick unsuspecting users to install them.

Once downloaded and installed, the applications perform a variety of malicious actions. Some fake applications are built to aggressively display advertisements to rake in ad revenue, other apps are designed to harvest credentials, intercept sensitive data, divert revenue or infect devices.

More than half of users cannot distinguish between real and fake apps, according to a recent Avast survey in 2018.

Be Careful

You need to note, the creators of the app were smart enough to build it without a User Interface (UI). This means you will not see it in their app drawer after installation.

Unfortunately, that’s not the only one. Apparently there are two more similar malware apps. One asks for credit and another simply wipes your entire phone clean.

There have been several cases of fake apps. For example, in January 2019, there were 9 fake apps on the Google Play Store that amounted to over 8 million installs. Fake apps are certainly one of the top concerns for security experts.

You don’t have to fall victim to malicious apps. Just keep a lookout for any apps that seem fishy. And if you find one, report to the Play Store or App Store.

Do your best to keep away from such apps that could put you and your data in danger.

Explained: Why Does Electricity Go Off When it Starts Raining?

You may also like


  1. They mostly pose as early bird vpn

  2. […] While the COVID-19 pandemic sinks its teeth into Africa, there’s now a trojan malware making its rounds in Kenya through WhatsApp users, reports Gadgets Africa. […]

More comments

Leave a reply

Your email address will not be published. Required fields are marked *