Meta, WhatsApp Sue Chinese Companies Behind Summer 2022 WhatsApp ‘Takeover’ Attacks

A lawsuit filed Monday by Meta Platforms Inc. and WhatsApp LLC accused two Chinese and one Taiwanese company of perpetrating a massive fraud whereby they convinced over one million WhatsApp users to self-compromise their accounts as part of an account takeover attack. The breach of contract action says that the defendants violated the plaintiffs’ terms of service by using victims’ accounts to send commercial spam.

The defendants are Rockey Tech Hk Ltd, Beijing Luokai Technology Co. Ltd., and Chitchat Technology Ltd, which do business as “HeyMods,” “Highlight Mobi,” and “HeyWhatsApp.” Allegedly, Rockey Tech and Luokai Technology self-describe as an “internet company that specializes in overseas social networking” with more than two billion daily active users, while ChitChat Technology, according to its LinkedIn profile, is a developer of “social and communication products” and the “fastest growing overseas social application start-up company in the industry.”

Reportedly, from about May to July 2022, the defendants developed and distributed two “unofficial” versions of WhatsApp available on and the Google Play Store that were really malicious applications containing malware. They were designed with the purpose of tricking victims into self-compromising their WhatsApp accounts, the complaint said.

The defendants used the malicious applications to “facilitate[] the misappropriation of users’ WhatsApp account keys, which include authentication information from the victim’s device, and used them to access the victim’s WhatsApp account without authorization.” Once they gained control of a victim’s account, the defendants leveraged it to send commercial spam. According to the complaint, the conduct violates both Meta Platforms’ and WhatsApp’s terms of use, which the defendants, users of both services, were bound by.

Meta investigated the matter, requested an audit of the defendants, sent cease and desist letters, and eventually disabled their WhatsApp, Facebook, and Instagram accounts.

Lacking a meaningful response to their probes, Meta and WhatsApp filed suit to remediate the defendants’ misconduct, which has negatively impacted their services and caused them to expend unnecessary resources.

The plaintiffs each assert a cause of action for breach of contract. They are represented by Hunton Andrews Kurth LLP.