throbber
Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 1 of 76
`
`Ann Marie Mortimer (State Bar No. 169077)
`amortimer@HuntonAK.com
`Jason J. Kim (State Bar No. 221476)
`kimj@HuntonAK.com
`Brandon Marvisi (State Bar No. 329798)
`bmarvisi@HuntonAK.com
`HUNTON ANDREWS KURTH LLP
`550 South Hope Street, Suite 2000
`Los Angeles, California 90071-2627
`Telephone: (213) 532-2000
`Facsimile: (213) 532-2020
`
`Attorneys for Plaintiffs
`WHATSAPP LLC and META PLATFORMS, INC.
`
`UNITED STATES DISTRICT COURT
`
`NORTHERN DISTRICT OF CALIFORNIA
`
`SAN FRANCISCO DIVISION
`
`WHATSAPP LLC, a limited liability company
`organized under the laws of Delaware, and
`META PLATFORMS, INC. a Delaware
`corporation,
`
`CASE NO.: 3:22-CV-05711
`
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`Plaintiffs,
`
`v.
`
`ROCKEY TECH HK LTD., a private limited
`company organized under the laws of Hong
`Kong, China, BEIJING LUOKAI
`TECHNLOGY CO., LTD., a limited liability
`company organized under the laws of China,
`CHITCHAT TECHNOLOGY LTD., a limited
`liability company organized under the laws of
`Taiwan, collectively d/b/a “HeyMods,”
`“Highlight Mobi,” and “HeyWhatsApp,”
`
`Defendants.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 2 of 76
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`INTRODUCTION
`
`1.
`
`Beginning no later than May 2022 and continuing until at least July 2022, the
`
`Defendants (collectively doing business as “HeyMods,” “Highlight Mobi,” and “HeyWhatsApp”)
`
`misled over one million WhatsApp users into self-compromising their accounts as part of an account
`
`takeover attack. The self-compromised accounts were then used to send commercial spam
`
`messages. Defendants facilitated the attack by developing and distributing “unofficial” versions of
`
`the WhatsApp application on their website, heymods.com, and on third-party platforms, including
`
`the Google Play Store, APK Pure, APKSFree, iDescargar, and Malavida. Exhibits A-C.1
`
`Defendants developed and distributed multiple versions of at least two malicious applications, called
`
`10
`
`“AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods” and “Theme Store for Zap” (collectively,
`
`11
`
`“Malicious Applications”), and misused and infringed WhatsApp’s trademarks. Exhibits B-C. The
`
`12
`
`Malicious Applications contained malware and, once installed, were designed to collect the victims’
`
`13
`
`account authentication information, in order to take over the victims’ WhatsApp accounts for
`
`14
`
`unauthorized use, including sending commercial spam messages.
`
`15
`
`2.
`
`According to online sources, account takeover attacks have been on the rise across all
`
`16
`
`industries and cost online businesses and consumers billions of dollars in losses annually. Recent
`
`17
`
`reports show that account takeover fraud has increased by 148% in 2021. See
`
`18
`
`https://www.globenewswire.com/en/news-release/2021/02/09/2172197/0/en/NewData-from-Arkose-
`
`19
`
`Labs-Shows-Increased-Fraud-Across-All-Industries-Since-BlackFriday-with-Gift-Card-Fraud-and-
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`20
`
`Account-Takeover-Attacks-Surging.html; https://techwireasia.com/2022/05/bad-bots-bad-bots-
`
`
`
`21
`
`whatcha-gonna-do/; https://www.forbes.com/sites/forbescommunicationscouncil/2022/07/18/the-
`
`22
`
`account-takeover-epidemic-a-wake-up-call-for-chief-digital-officers/?sh=5a1bf0244196.
`
`23
`
`3.
`
`Plaintiffs WhatsApp LLC (“WhatsApp”) and Meta Platforms, Inc. (“Meta”) have
`
`24
`
`previously disabled Defendants’ accounts and reported the Malicious Applications to the Google
`
`25
`
`Play Store and other third-party platforms. On July 11, 2022, WhatsApp issued a public
`
`26
`
`announcement warning its users not to download “fake or modified version[s] of WhatsApp,”
`
`27
`
`28
`
`
`1 Exhibits A, D-K and Figure Nos. 1-2 reflect machine translations using open source tooling to
`convert Mandarin text to English.
`
`
`
`1
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 3 of 76
`
`
`
`including Defendants’ HeyWhatsApp application. See https://twitter.com/wcathcart/status/
`
`154656795567 1961600. Plaintiffs bring this action to protect users and hold Defendants
`
`accountable for violations of Meta’s Terms of Service and Platform Terms, and WhatsApp’s Terms
`
`of Service (collectively, the “Terms”).
`
`PARTIES
`
`4.
`
`Meta is a Delaware corporation with its principal place of business in Menlo Park,
`
`San Mateo County, California. Meta acts as WhatsApp’s service provider for security-related issues.
`
`5.
`
`WhatsApp is a limited liability company organized under the laws of Delaware with
`
`its principal place of business in Menlo Park, San Mateo County, California.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`6.
`
`Defendant Rockey Tech HK Ltd. (“Rockey Tech”) is a private limited company
`
`11
`
`organized under the laws of Hong Kong, China with its principal place of business in Hong Kong,
`
`12
`
`China. Exhibits D-E.
`
`13
`
`7.
`
`Defendant Beijing Luokai Technology Co., Ltd. (“Luokai Technology”) is a limited
`
`14
`
`liability company organized under the laws of China with its principal place of business in Beijing,
`
`15
`
`China. Exhibit F.
`
`16
`
`8.
`
`Defendant ChitChat Technology Ltd. (“ChitChat Technology”) is a limited liability
`
`17
`
`company organized under the laws of Taiwan with its principal place of business in Taipei City,
`
`18
`
`Taiwan. Exhibit G. On information and belief, ChitChat Technology also does business under the
`
`19
`
`name “LiveIn Technology” or “LiveIn Technology Co., Ltd.” Compare Exhibit H (ChitChat
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`20
`
`Technology’s LinkedIn Profile), with Exhibit I (LiveIn Technology’s LinkedIn Profile). ChitChat
`
`
`
`21
`
`Technology is the Taiwanese operation of Rockey Tech and Luokai Technology. Exhibit J.
`
`22
`
`9.
`
`According to Defendants’ website highlight.mobi, Defendants Rockey Tech and
`
`23
`
`Luokai Technology are an “internet company that specializes in overseas social networking” with
`
`24
`
`“more than 200 million overseas users,” and more than two billion daily active users. Exhibit J.
`
`25
`
`According to its LinkedIn profile, ChitChat Technology is a developer of “social and communication
`
`26
`
`products” and the “fastest growing overseas social application start-up company in the industry.”
`
`27
`
`Exhibit H.
`
`28
`
`
`
`2
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 4 of 76
`
`
`
`10.
`
`According to Defendants’ website highlight.mobi, Yao Yao (姚峣) is Defendants
`
`Rockey Tech and Luokai Technology’s Co-Founder and resides in Beijing, China. Exhibit J. Yao
`
`Yao created at least one Facebook Page on behalf of Defendant Rockey Tech and at least one
`
`business account on behalf of Defendant Luokai Technology. Figure 1 is a screenshot of Yao Yao’s
`
`image on Defendants’ website, highlight.mobi, on September 13, 2022.
`
`Figure 1: Yao Yao (姚峣)
`
`11.
`
`According to Defendants’ website highlight.mobi and Brad Chang’s LinkedIn profile,
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`Brad Chang (張宴晟 or Zhang Yancheng) is Defendant ChitChat Technology’s CEO and
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Defendants Rockey Tech and Luokai Technology’s Taiwanese partner and resides in Taipei,
`
`Taiwan. Exhibits J-K. Brad Chang created at least three Facebook applications on behalf of
`
`Defendant Rockey Tech and at least two business accounts and one Facebook Page on behalf of
`
`Defendant ChitChat Technology. Figure 2 is a screenshot of Brad Chang’s image on Defendants’
`
`website, highlight.mobi, on September 13, 2022.
`
`//
`
`//
`
`//
`
`
`
`3
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 5 of 76
`
`
`
`Figure 2: Brad Chang (張宴晟)
`
`
`
`
`12.
`
`At all times material to this action, each Defendant was the agent, partner, alter ego,
`
`subsidiary, and/or co-conspirator of and with the other Defendant, and the acts of each Defendant
`
`were in the scope of that relationship. In doing the acts and failing to act as alleged in this
`
`Complaint, each Defendant acted with the knowledge, permission, and consent of each other; and
`
`each Defendant aided and abetted each other.
`
`JURISDICTION AND VENUE
`
`13.
`
`The Court has jurisdiction under 28 U.S.C. § 1332 over all causes of action alleged in
`
`this Complaint because complete diversity exists and the amount in controversy exceeds $75,000.
`
`14.
`
`The Court has personal jurisdiction over Defendants because they knowingly directed
`
`and targeted their scheme at Meta and WhatsApp, which have their principal places of business in
`
`California. Defendants used Meta’s developer and advertising platforms, and transacted business
`
`using Meta’s services, and otherwise engaged in commerce in California. Defendants also
`
`distributed their Malicious Applications on California-based platforms.
`
`15.
`
`The Court also has personal jurisdiction over Defendants because Defendants agreed
`
`to Plaintiffs’ Terms by accessing and using Meta’s and WhatsApp’s services, respectively. By
`
`agreeing to the Terms, Defendants, in relevant part, agreed to submit to the personal jurisdiction of
`
`this Court, and that California law would govern.
`
`
`
`4
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 6 of 76
`
`
`
`16.
`
`Venue is proper in this District under 28 U.S.C. § 1391(b) because a substantial part
`
`of the events giving rise to the claims asserted in this lawsuit occurred here.
`
`17.
`
`Pursuant to Civil L.R. 3-2(c), this case may be assigned to either the San Francisco or
`
`Oakland division because Plaintiffs are located in San Mateo County.
`
`FACTUAL ALLEGATIONS
`
`A.
`
`Background on WhatsApp
`
`18. WhatsApp provides an encrypted communication service available on mobile devices
`
`and desktop computers (the “WhatsApp Service”). More than 2 billion people in 180 countries use
`
`the WhatsApp Service. Users must install the WhatsApp application to use the WhatsApp Service.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`19.
`
`Every type of communication (calls, video calls, chats, group chats, images, videos,
`
`11
`
`voice messages, and file transfers) on the WhatsApp Service is encrypted during its transmission
`
`12
`
`between users. This encryption protocol was designed to ensure that no one other than the intended
`
`13
`
`recipient could read any communication sent using the WhatsApp Service.
`
`14
`
`20.
`
`Use and access to the WhatsApp Service, and interactions with WhatsApp’s computer
`
`15
`
`systems, is governed by WhatsApp’s Terms of Service (“WhatsApp Terms”).
`
`16
`
`21.
`
`In October 2014, Meta acquired WhatsApp. At all times relevant to this action, Meta
`
`17
`
`has served as WhatsApp’s service provider, which entails providing both infrastructure and security
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`18
`
`for WhatsApp.
`
`19
`
`20
`
`B. WhatsApp’s Terms of Service
`
`22.
`
`Every WhatsApp user must create an account and agree and consent to the WhatsApp
`
`
`
`21
`
`Terms (available at https://www.whatsapp.com/legal/terms-of-service).
`
`22
`
`23.
`
`The WhatsApp Terms state that “You must use [the WhatsApp Service] according to
`
`23
`
`our Terms and policies” and that users agree to “access and use [WhatsApp’s] Services only for
`
`24
`
`legal, authorized, and acceptable purposes.”
`
`25
`
`24. WhatsApp Terms prohibit–whether directly, indirectly, through automated or other
`
`26
`
`means–from, among other things:
`
`27
`
`a.
`
`“[E]xploiting [WhatsApp’s] Services in impermissible or unauthorized manners, or in
`
`28
`
`ways that burden, impair, or harm [WhatsApp], [its] Services, systems, [its] users, or others”;
`
`
`
`5
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 7 of 76
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`b.
`
`“[R]everse engineer[ing], alter[ing], modify[ing], creative derivative works from,
`
`decompile[ing], or extract[ing] code from [WhatsApp] Services”;
`
`c.
`
`“[S]end[ing], stor[ing], or transmit[ting] viruses or other harmful computer code from
`
`or onto [WhatsApp] Services”;
`
`d.
`
`“[G]ain[ing] or attempt[ing] to gain unauthorized access to [WhatsApp] Services or
`
`systems”;
`
`e.
`
`“Interfere[ing] with or disrupt[ing] the safety, security, confidentiality, integrity,
`
`availability, or performance of [WhatsApp] Services”;
`
`f.
`
`“[C]ollect[ing] information of or about [WhatsApp] users in any impermissible or
`
`10
`
`unauthorized manner”;
`
`11
`
`g.
`
`“[S]ell[ing], resell[ing], rent[ing], or charg[ing] for [WhatsApp] Services or data
`
`12
`
`obtained from [WhatsApp] or [WhatsApp] Services in an unauthorized manner”;
`
`13
`
`h.
`
`“[C]reat[ing] software or APIs that function substantially the same as [WhatsApp]
`
`14
`
`Services and offer them for use by third parties in an unauthorized manner”;
`
`15
`
`i.
`
`Using the WhatsApp Services in ways that “violate, misappropriate, or infringe the
`
`16
`
`rights of WhatsApp, or [its] users, or others, including privacy, publicity, intellectual property, or
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`17
`
`other proprietary rights”; and
`
`18
`
`j.
`
`Using WhatsApp for “any non-personal use of [WhatsApp’s] Services unless
`
`19
`
`otherwise authorized by [WhatsApp].”
`
`20
`
`25.
`
`The WhatsApp’s Terms prohibit users not just from personally engaging in the
`
`
`
`21
`
`conduct listed above, but also from assisting others in doing so.
`
`22
`
`23
`
`C.
`
`Background on Meta and Facebook
`
`26. Meta owns and operates Facebook, a social networking website and mobile
`
`24
`
`application that enables its users to create their own personal profiles and connect with each other on
`
`25
`
`mobile devices and personal computers. As of June 2022, Facebook daily active users averaged 1.97
`
`26
`
`billion and monthly active users averaged 2.93 billion.
`
`27
`
`27.
`
`A Facebook Page is a public profile on Facebook used to promote a business or other
`
`28
`
`commercial, political, or charitable organization or endeavor.
`
`
`
`6
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 8 of 76
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`28. Meta’s Audience Network is a product that Meta offers to enable advertisers to
`
`display their ads to people who use third-party (non-Meta) apps and websites. By integrating their
`
`apps with Audience Network, third-party mobile app developers can generate revenue by displaying
`
`ads to Meta users who use their apps. To implement Audience Network, a third-party mobile app
`
`developer adds code provided by Meta to their app, which will show and track the Audience
`
`Network ads (the “Audience Network SDK”). Meta pays the third-party mobile app developers a
`
`percentage of the net revenue generated from the ads delivered on their apps. Generally, the
`
`payment amounts depend on the number of clicks attributed to the ads displayed on a particular app
`
`through Audience Network.
`
`10
`
`29. Meta also operates a developer platform referred to as the “Meta Platform.” This
`
`11
`
`platform enables app developers (“Developers”) to run apps that interact with Meta and Meta users.
`
`12
`
`30.
`
`Access to and interaction with Meta’s computer systems is governed by Meta’s
`
`13
`
`Terms of Service (“Meta Terms”) and other policies, including the Platform Terms and Developer
`
`14
`
`Policies.
`
`15
`
`16
`
`D. Meta’s Terms of Service and Platform Terms and Policies
`
`31.
`
`All Facebook users, including Developers, agree to comply with the Meta Terms
`
`17
`
`when they create a Facebook account. Everyone who uses Facebook must agree to the Meta Terms
`
`18
`
`(available at https://www.facebook.com/terms.php?ref=pf), and other rules that govern different
`
`19
`
`types of access to, and use of, Facebook. These other rules include Meta’s Platform Terms
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`20
`
`(available at https://developers.facebook.com/terms/dfc_platform_terms) and Developer Policies
`
`
`
`21
`
`(available at https://developers.facebook.com/devpolicy/).
`
`22
`
`32.
`
`Section 3.2.1 of the Meta Terms prohibits using Facebook to do anything that
`
`23
`
`“violates these Terms . . . and other terms and policies,” “is unlawful, misleading, discriminatory or
`
`24
`
`fraudulent,” or “infringes or violates someone else’s rights.”
`
`25
`
`26
`
`33.
`
`The relevant Meta Platform Terms include:
`
`a.
`
`“[Meta] or Third-Party Auditors may conduct an Audit . . . to ensure that your and
`
`27
`
`your App’s Processing of Platform Data is and has been in compliance with these Terms and all
`
`28
`
`other applicable terms and policies.” Section 7.c.i.
`
`
`
`7
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 9 of 76
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`b.
`
`“You will cooperate with the audits, including by (1) providing all necessary physical
`
`and remote access to your IT Systems and Records, and (2) providing information and assistance as
`
`reasonably requested . . . .” Section 7.c.iii.
`
`c.
`
`“From time to time, [Meta] may request . . . information, certifications, and
`
`attestations relating to your use of Platform or Processing of Platform Data, which you will provide
`
`to [Meta] in the requested timeframe and form.” Section 7.d.
`
`d.
`
`E.
`
`“You also must comply with all applicable laws and regulations . . ..” Section 11.b.
`
`Defendants Agreed to the WhatsApp Terms
`
`34.
`
`At all times relevant to this Complaint, Defendants were bound by the WhatsApp
`
`10
`
`Terms.
`
`11
`
`35.
`
`Between November 2018 and July 2022, Defendants created and caused to be created
`
`12
`
`approximately ten WhatsApp accounts and agreed to the WhatsApp Terms. For example, on or
`
`13
`
`about January 11, 2019, Defendants’ principal, Brad Chang created a WhatsApp account and agreed
`
`14
`
`to the WhatsApp Terms on their behalf. Likewise, on or about May 23, 2022, Defendants Rockey
`
`15
`
`Tech and Luokai Technology’s Co-Founder, Yao Yao, created a WhatsApp account and agreed to
`
`16
`
`the WhatsApp Terms on their behalf.
`
`17
`
`18
`
`F.
`
`36.
`
`Defendants Agreed to the Meta Terms and Platform Terms
`
`At all relevant times, Defendants were Facebook users that agreed to and were bound
`
`19
`
`by the Meta Terms. In total, Defendants owned and controlled more than five business accounts,
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`20
`
`five Facebook Pages, and thirty-five Facebook applications.
`
`
`
`21
`
`37.
`
`Defendant Rockey Tech: On or about March 24, 2020, Yao Yao created a Facebook
`
`22
`
`Page named “Rockey Tech.” Through creation and use of this Page, Yao Yao agreed to the Meta
`
`23
`
`Terms on Defendant Rockey Tech’s behalf. On or about October 23, 2019, January 13, 2020, and
`
`24
`
`August 13, 2021, Brad Chang created three Facebook applications (“Status Saver - Audience
`
`25
`
`Network,” “Sticker - Audience Network,” and “Status Keeper - Audience Network,” respectively)
`
`26
`
`that integrated with Meta’s Audience Network on Defendant Rockey Tech’s behalf. Through
`
`27
`
`creation and use of these Audience Network integrations, Brad Chang agreed to the Meta Terms and
`
`28
`
`Platform Terms on Defendant Rockey Tech’s behalf.
`
`
`
`8
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 10 of 76
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`38.
`
`Defendant Luokai Technology: On or about June 1, 2020, Yao Yao created a
`
`business account in the name of “Beijing Luokai Technology Co., Ltd.” Through creation and use
`
`of this and other accounts, Yao Yao agreed to the Meta Terms on Defendant Luokai Technology’s
`
`behalf. On or about August 13, 2021, an agent of Defendant Luokai Technology created a business
`
`account and Facebook Page both named “Beijing Luokai Technology Co., Ltd.” and a Facebook
`
`application named “Highlight” and agreed to the Meta Terms and Platform Terms on Defendant
`
`Luokai Technology’s behalf.
`
`39.
`
`Defendant ChitChat Technology: On or about September 28, 2022, Brad Chang
`
`created two business accounts in the names of “ChitChat” and “ChitChat Tech,” respectively, and a
`
`10
`
`Facebook Page named “ChitChat Technology” on Defendant ChitChat Technology’s behalf.
`
`11
`
`Through creation and use of these accounts and Page, Brad Chang agreed to the Meta Terms on
`
`12
`
`Defendant ChitChat Technology’s behalf. On or about October 7, 2020 and November 25, 2020, an
`
`13
`
`agent of Defendant ChitChat Technology created two Facebook applications (“Status saver new -
`
`14
`
`Audience Network” and “Status saver,” respectively) that integrated with Meta’s Audience Network
`
`15
`
`on its behalf. Through creation and use of these Audience Network integrations, this Facebook user
`
`16
`
`agreed to the Meta Terms and Platform Terms on Defendant ChitChat Technology’s behalf.
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`17
`
`18
`
`19
`
`G.
`
`Defendants’ Account Takeover Attack
`
`1.
`
`Overview
`
`40.
`
`Beginning no later than May 2022 continuing until at least July 2022, Defendants
`
`20
`
`facilitated an account takeover attack targeting WhatsApp and its users. Defendants’ scheme
`
`
`
`21
`
`proceeded as follows:
`
`22
`
`41.
`
`First, Defendants developed and distributed on various websites, including
`
`23
`
`heymods.com and the Google Play Store, at least two Malicious Applications and multiple versions
`
`24
`
`thereof, which contained malware and were designed to trick victims into self-compromising their
`
`25
`
`WhatsApp accounts. Exhibits A-C. Defendants also promoted their Malicious Applications on
`
`26
`
`Facebook.
`
`27
`
`28
`
`
`
`9
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 11 of 76
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`42.
`
`Second, through the Malicious Applications, Defendants facilitated the
`
`misappropriation of users’ WhatsApp account keys, which include authentication information from
`
`the victim’s device, and used them to access the victim’s WhatsApp account without authorization.
`
`43.
`
`Third, once Defendants gained unauthorized access to a victim’s WhatsApp account,
`
`they caused the account to be used without authorization and for improper purposes, including to
`
`send commercial spam.
`
`2.
`
`Defendants’ Development and Distribution of the Malicious Applications
`
`44.
`
`Between approximately June 2021 and July 2022, Defendants developed and
`
`distributed multiple unofficial versions of WhatsApp and at least two of these contained malware.
`
`10
`
`See, e.g., Exhibits A-C. For example, Figure 3 is a screenshot of one of the unofficial versions of
`
`11
`
`WhatsApp, which Defendants made available at malavida.com and called “HeyWhatsApp Android
`
`12
`
`20.50.0” on June 14, 2022. On the Google Play Store, Defendants listed the developer of these
`
`13
`
`Malicious Applications as “HeyMods Yo Gb Plus WaMods,” with the e-mail address
`
`14
`
`gb.wamods@gmail.com. Exhibits B-C.
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Figure 3: Defendants’ “HeyWhatsApp Android 20.50.0”
`available on malavida.com on June 14, 2022
`
`
`
`10
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`
`
`3:22-CV-05711
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 12 of 76
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`45.
`
`Between at least June 7, 2021 and July 2022, one of the Malicious Applications made
`
`available by Defendants on the Google Play Store was called, “AppUpdater for WhatsPlus 2021 GB
`
`Yo FM HeyMods.” Exhibit B. According to Defendants, this application was designed to
`
`automatically update any of Defendants’ unofficial WhatsApp applications installed on the victims’
`
`device. Id. According to the Google Play Store, this application was installed by more than one
`
`million users. Id.
`
`46.
`
`Between at least March 3, 2022 and July 2022, another Malicious Application
`
`Defendants made available on the Google Play Store was called “Theme Store for Zap.” Exhibit C.
`
`According to Defendants, this application was designed to modify other versions of unofficial
`
`10
`
`WhatsApp applications, including modifying the applications’ colors. Id. According to the Google
`
`11
`
`Play Store, this application was installed by more than 100,000 users. Id.
`
`12
`
`47.
`
`Defendants tricked victims into installing the Malicious Applications by
`
`13
`
`misrepresenting them on the Google Play Store as legitimate alternatives to WhatsApp. For
`
`14
`
`example, Defendants promoted the Malicious Application “AppUpdater for WhatsPlus 2021 GB Yo
`
`15
`
`FM HeyMods” as a tool to “receive the latest update and latest new feature notification of [multiple
`
`16
`
`unofficial WhatsApp applications] from HeyMods.” Exhibit B. Defendants promoted the Malicious
`
`17
`
`Application “Theme Store for Zap” as a tool to change the look-and-feel or “theme” of multiple
`
`18
`
`unofficial WhatsApp applications developed by Defendants. Exhibit C. In fact, the Malicious
`
`19
`
`Applications contained malware designed to facilitate an account takeover attack and were not
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`20
`
`affiliated with WhatsApp or Meta. Defendants did not disclose on the Google Play Store or in its
`
`
`
`21
`
`Privacy Policies that this application contained malware designed to collect the users WhatsApp
`
`22
`
`authentication information. See Exhibits L-M.
`
`23
`
`48.
`
`Defendants also promoted their website heymods.com on Facebook. For example, on
`
`24
`
`or about July 14, 2020, Defendant Luokai Technology created the Facebook Page, “Animated
`
`25
`
`Sticker Maker for WhatsApp - WAStickerApps,” to promote Defendants’ unofficial WhatsApp
`
`26
`
`applications available on heymods.com.
`
`27
`
`28
`
`
`
`11
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 13 of 76
`
`
`
`3.
`
`49.
`
`Defendants Gained Unauthorized Access to Victims’ WhatsApp Accounts
`
`After victims installed the Malicious Applications, they were prompted to enter their
`
`WhatsApp user credentials and authenticate their WhatsApp access on the Malicious Applications.
`
`The Defendants programmed the Malicious Applications to communicate the user’s credentials to
`
`WhatsApp’s computers and obtain the users’ account keys and authentication information
`
`(collectively, “access information”). Defendants also programmed the Malicious Applications to
`
`send the victim’s access information to computers controlled by Defendants using some of the
`
`following domains: hzdy.birxpk.com, cx48t3.khvi3w.com, uz1dtd.khvi3w.com, pdhegk.nxsoaa.com,
`
`and 96oh21.nxsoaa.com.
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`50.
`
`Defendants’ privacy policies for the Malicious Applications misrepresented that
`
`11
`
`Defendants collected only “Technical Data and Device information such as network connection type
`
`12
`
`(e.g., WiFi, 3G, 4G), browser type, language, operating system, [] your provider, network and device
`
`13
`
`performance, the unique device identifier assigned to that device by phone makers, carriers, or
`
`14
`
`maker s [sic] of the operating system, application status, [] usage statistic[s], your usage.” Exhibits
`
`15
`
`L-M. Defendants further represented that “[t]he only purpose” of collecting such information “is to
`
`16
`
`improve [their] service, to make the application run faster and use less storage and data.” Id.
`
`17
`
`(emphasis added). In fact, Defendants collected access information for improper purposes, including
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`18
`
`spam.
`
`19
`
`51.
`
`For example, on or about May 16, 2022, a WhatsApp user located in the United
`
`20
`
`Kingdom installed one of the Malicious Applications. The user’s WhatsApp account was then
`
`
`
`21
`
`accessed using the access information collected through the Malicious Applications without
`
`22
`
`WhatsApp’s or the user’s authorization.
`
`23
`
`24
`
`25
`
`4.
`
`The Compromised WhatsApp Accounts Were Used to Send Commercial
`
`Spam Messages
`
`52.
`
`Defendants used or caused their unauthorized access to be used to send thousands of
`
`26
`
`spam messages on WhatsApp.
`
`27
`
`53.
`
`Between approximately May 2022 and continuing to at least July 2022, Defendants
`
`28
`
`used or caused the victims’ WhatsApp Accounts to be used to send unauthorized spam messages.
`
`
`
`12
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 14 of 76
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`The unauthorized access and spam messages promoted third-party websites, including
`
`www.222atm.com, www.28.city, https://panda95.live/RF1817A311, https://panda95.live/RF,
`
`https://cutt.ly/oGlcJ0G, https://cutt.ly/FGlc8nZ. The spam messages were directed at WhatsApp
`
`users around the world, including users in Hong Kong, Indonesia, Malaysia, and Singapore.
`
`H. Meta’s Enforcement and Request for an Audit Pursuant to the Platform Terms
`
`54.
`
`In July and August 2022, WhatsApp disabled Defendants’ WhatsApp accounts and
`
`Meta disabled Defendants’ Facebook user accounts, business accounts, ad accounts, applications,
`
`and Pages, and Instagram user accounts.
`
`55.
`
`On or about July 7, 2022, Plaintiffs also sent each Defendant a cease and desist letter.
`
`10
`
`Exhibit N. Meta further requested an audit of Defendants’ systems pursuant to Facebook Platform
`
`11
`
`Policy 7.c. Id. WhatsApp also notified Google that Malicious Applications in the Google Play Store
`
`12
`
`contained malware designed to facilitate account takeovers.
`
`13
`
`56.
`
`Between July 21 and August 12, 2022, Plaintiff’s counsel sent additional
`
`14
`
`correspondence to Defendants requesting a response to the July 7 cease and desist letter and audit
`
`15
`
`demand. To date, Defendants have not responded. However, on July 18, 2022, Defendants
`
`16
`
`announced on Telegram that “[d]ue to some circumstances, the heymods team will stop updating
`
`Los Angeles, California 90071-2627
`550 South Hope Street, Suite 2000
`Hunton Andrews Kurth LLP
`
`17
`
`apps in the heymods family.” Exhibit O.
`
`18
`
`19
`
`I.
`
`57.
`
`Defendants’ Unlawful Acts Have Caused Damage and a Loss to Plaintiffs
`
`Defendants’ breaches of Plaintiffs’ Terms and other misconduct described above have
`
`20
`
`harmed Plaintiffs, including by negatively impacting Plaintiffs’ services.
`
`
`
`21
`
`58.
`
`Defendants’ misconduct has caused Plaintiffs to spend resources investigating and
`
`22
`
`redressing Defendants’ wrongful conduct. Plaintiffs have suffered damages attributable to the
`
`23
`
`efforts and resources they have used to investigate, address, and mitigate the matters set forth in this
`
`24
`
`Complaint.
`
`25
`
`26
`
`27
`
`28
`
`FIRST CAUSE OF ACTION
`
`(Breach of Contract)
`
`by Plaintiff WhatsApp LLC against Defendants
`
`59. WhatsApp incorporates all other paragraphs as if fully set forth herein.
`
`
`
`13
`COMPLAINT; DEMAND FOR JURY TRIAL
`
`3:22-CV-05711
`
`

`

`Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 15 of 76
`
`
`
`60.
`
`Defendants agreed and became bound by the WhatsApp Terms when they, through
`
`their principals and agents, created various WhatsApp accounts.
`
`61.
`
`Defendants breached their agreement with WhatsApp by taking the actions described
`
`above in violation of the WhatsApp Terms.
`
`62. WhatsApp has performed all conditions, covenants, and promises required of it in
`
`accordance with its agreement with Defendants.

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket