Meta Platforms has sued a group of Chinese companies behind fake WhatsApp apps HeyMods, Highlight Mobi, and HeyWhatsApp for stealing over one million WhatsApp accounts since May 2022.

Meta owns Facebook, Instagram, and WhatsApp.

Bleeping Computer reports that the companies allegedly created “unofficial” Android WhatsApp apps that steal account credentials.

The apps were available for download from the HeyMods, Highlight Mobi, and HeyWhatsApp websites, as well as the Google Play Store, APK Pure, APKSFree, iDescargar, and Malavida.

The malicious apps contained malware that scraped WhatsApp login credentials and used the hacked accounts to send spam messages.

“After victims installed the Malicious Applications, they were prompted to enter their WhatsApp user credentials and authenticate their WhatsApp access on the Malicious Applications,” Meta’s complaint reads.

“The Defendants programmed the Malicious Applications to communicate the user’s credentials to WhatsApp’s computers and obtain the users’ account keys and authentication information (collectively, ‘access information’).”

In July, WhatsApp boss Will Cathcart warned users that using fake or modified versions of WhatsApp on Android could lead to their personal information being stolen.

Cathcart explained that WhatsApp’s security research team found hidden malware within apps offering similar services to WhatsApp, available outside the Google Play Store from a developer called HeyMods.

“These apps promised new features but were just a scam to steal personal information stored on people’s phones,” Cathcart warned.

“We’ve shared what we found with Google and worked with them to combat the malicious apps.”