Ann Marie Mortimer (State Bar No. 169077)
amortimer@HuntonAK.com
Jason J. Kim (State Bar No. 221476)
kimj@HuntonAK.com
Brandon Marvisi (State Bar No. 329798)
bmarvisi@HuntonAK.com
HUNTON ANDREWS KURTH LLP
550 South Hope Street, Suite 2000
Los Angeles, California 90071-2627
Telephone: (213) 532-2000
Facsimile: (213) 532-2020

Attorneys for Plaintiffs
WHATSAPP LLC and META PLATFORMS, INC.

UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA
SAN FRANCISCO DIVISION

WHATSAPP LLC, a limited liability company organized under the laws of Delaware, and META PLATFORMS, INC., a Delaware corporation,

Plaintiffs,

v.

ROCKEY TECH HK LTD., a private limited company organized under the laws of Hong Kong, China, BEIJING LUOKAI TECHNOLOGY CO., LTD., a limited liability company organized under the laws of China, CHITCHAT TECHNOLOGY LTD., a limited liability company organized under the laws of Taiwan, collectively d/b/a “HeyMods,” “Highlight Mobi,” and “HeyWhatsApp,”

Defendants.

CASE NO.: 3:22-CV-05711

COMPLAINT; DEMAND FOR JURY TRIAL

Case 4:22-cv-05711-KAW Document 1 Filed 10/04/22 Page 2 of 76

INTRODUCTION

1. Beginning no later than May 2022 and continuing until at least July 2022, the Defendants (collectively doing business as “HeyMods,” “Highlight Mobi,” and “HeyWhatsApp”) misled over one million WhatsApp users into self-compromising their accounts as part of an account takeover attack. The self-compromised accounts were then used to send commercial spam messages. Defendants facilitated the attack by developing and distributing “unofficial” versions of the WhatsApp application on their website, heymods.com, and on third-party platforms, including the Google Play Store, APK Pure, APKSFree, iDescargar, and Malavida. Exhibits A-C.¹ Defendants developed and distributed multiple versions of at least two malicious applications, called “AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods” and “Theme Store for Zap” (collectively, “Malicious Applications”), and misused and infringed WhatsApp’s trademarks. Exhibits B-C. The Malicious Applications contained malware and, once installed, were designed to collect the victims’ account authentication information, in order to take over the victims’ WhatsApp accounts for unauthorized use, including sending commercial spam messages.

2. According to online sources, account takeover attacks have been on the rise across all industries and cost online businesses and consumers billions of dollars in losses annually. Recent reports show that account takeover fraud has increased by 148% in 2021. See https://www.globenewswire.com/en/news-release/2021/02/09/2172197/0/en/NewData-from-Arkose-Labs-Shows-Increased-Fraud-Across-All-Industries-Since-BlackFriday-with-Gift-Card-Fraud-and-Account-Takeover-Attacks-Surging.html; https://techwireasia.com/2022/05/bad-bots-bad-bots-whatcha-gonna-do/; https://www.forbes.com/sites/forbescommunicationscouncil/2022/07/18/the-account-takeover-epidemic-a-wake-up-call-for-chief-digital-officers/?sh=5a1bf0244196.

3. Plaintiffs WhatsApp LLC (“WhatsApp”) and Meta Platforms, Inc. (“Meta”) have previously disabled Defendants’ accounts and reported the Malicious Applications to the Google Play Store and other third-party platforms. On July 11, 2022, WhatsApp issued a public announcement warning its users not to download “fake or modified version[s] of WhatsApp,” including Defendants’ HeyWhatsApp application. See https://twitter.com/wcathcart/status/1546567955671961600. Plaintiffs bring this action to protect users and hold Defendants accountable for violations of Meta’s Terms of Service and Platform Terms, and WhatsApp’s Terms of Service (collectively, the “Terms”).

¹ Exhibits A, D-K and Figure Nos. 1-2 reflect machine translations using open source tooling to convert Mandarin text to English.

PARTIES

4. Meta is a Delaware corporation with its principal place of business in Menlo Park, San Mateo County, California. Meta acts as WhatsApp’s service provider for security-related issues.

5. WhatsApp is a limited liability company organized under the laws of Delaware with its principal place of business in Menlo Park, San Mateo County, California.

6. Defendant Rockey Tech HK Ltd. (“Rockey Tech”) is a private limited company organized under the laws of Hong Kong, China with its principal place of business in Hong Kong, China. Exhibits D-E.

7. Defendant Beijing Luokai Technology Co., Ltd. (“Luokai Technology”) is a limited liability company organized under the laws of China with its principal place of business in Beijing, China. Exhibit F.

8. Defendant ChitChat Technology Ltd. (“ChitChat Technology”) is a limited liability company organized under the laws of Taiwan with its principal place of business in Taipei City, Taiwan. Exhibit G. On information and belief, ChitChat Technology also does business under the name “LiveIn Technology” or “LiveIn Technology Co., Ltd.” Compare Exhibit H (ChitChat Technology’s LinkedIn Profile), with Exhibit I (LiveIn Technology’s LinkedIn Profile). ChitChat Technology is the Taiwanese operation of Rockey Tech and Luokai Technology. Exhibit J.

9. According to Defendants’ website highlight.mobi, Defendants Rockey Tech and Luokai Technology are an “internet company that specializes in overseas social networking” with “more than 200 million overseas users,” and more than two billion daily active users. Exhibit J. According to its LinkedIn profile, ChitChat Technology is a developer of “social and communication products” and the “fastest growing overseas social application start-up company in the industry.” Exhibit H.

10. According to Defendants’ website highlight.mobi, Yao Yao (姚峣) is Defendants Rockey Tech and Luokai Technology’s Co-Founder and resides in Beijing, China. Exhibit J. Yao Yao created at least one Facebook Page on behalf of Defendant Rockey Tech and at least one business account on behalf of Defendant Luokai Technology. Figure 1 is a screenshot of Yao Yao’s image on Defendants’ website, highlight.mobi, on September 13, 2022.

Figure 1: Yao Yao (姚峣)

11. According to Defendants’ website highlight.mobi and Brad Chang’s LinkedIn profile, Brad Chang (張宴晟 or Zhang Yancheng) is Defendant ChitChat Technology’s CEO and Defendants Rockey Tech and Luokai Technology’s Taiwanese partner and resides in Taipei, Taiwan. Exhibits J-K. Brad Chang created at least three Facebook applications on behalf of Defendant Rockey Tech and at least two business accounts and one Facebook Page on behalf of Defendant ChitChat Technology. Figure 2 is a screenshot of Brad Chang’s image on Defendants’ website, highlight.mobi, on September 13, 2022.

Figure 2: Brad Chang (張宴晟)

12. At all times material to this action, each Defendant was the agent, partner, alter ego, subsidiary, and/or co-conspirator of and with the other Defendant, and the acts of each Defendant were in the scope of that relationship. In doing the acts and failing to act as alleged in this Complaint, each Defendant acted with the knowledge, permission, and consent of each other; and each Defendant aided and abetted each other.

JURISDICTION AND VENUE

13. The Court has jurisdiction under 28 U.S.C. § 1332 over all causes of action alleged in this Complaint because complete diversity exists and the amount in controversy exceeds $75,000.

14. The Court has personal jurisdiction over Defendants because they knowingly directed and targeted their scheme at Meta and WhatsApp, which have their principal places of business in California. Defendants used Meta’s developer and advertising platforms, and transacted business using Meta’s services, and otherwise engaged in commerce in California. Defendants also distributed their Malicious Applications on California-based platforms.

15. The Court also has personal jurisdiction over Defendants because Defendants agreed to Plaintiffs’ Terms by accessing and using Meta’s and WhatsApp’s services, respectively. By agreeing to the Terms, Defendants, in relevant part, agreed to submit to the personal jurisdiction of this Court, and that California law would govern.

16. Venue is proper in this District under 28 U.S.C. § 1391(b) because a substantial part of the events giving rise to the claims asserted in this lawsuit occurred here.

17. Pursuant to Civil L.R. 3-2(c), this case may be assigned to either the San Francisco or Oakland division because Plaintiffs are located in San Mateo County.

FACTUAL ALLEGATIONS

A. Background on WhatsApp

18. WhatsApp provides an encrypted communication service available on mobile devices and desktop computers (the “WhatsApp Service”). More than 2 billion people in 180 countries use the WhatsApp Service. Users must install the WhatsApp application to use the WhatsApp Service.

19. Every type of communication (calls, video calls, chats, group chats, images, videos, voice messages, and file transfers) on the WhatsApp Service is encrypted during its transmission between users. This encryption protocol was designed to ensure that no one other than the intended recipient could read any communication sent using the WhatsApp Service.

20. Use of and access to the WhatsApp Service, and interactions with WhatsApp’s computer systems, are governed by WhatsApp’s Terms of Service (“WhatsApp Terms”).

21. In October 2014, Meta acquired WhatsApp. At all times relevant to this action, Meta has served as WhatsApp’s service provider, which entails providing both infrastructure and security for WhatsApp.

B. WhatsApp’s Terms of Service

22. Every WhatsApp user must create an account and agree and consent to the WhatsApp Terms (available at https://www.whatsapp.com/legal/terms-of-service).

23. The WhatsApp Terms state that “You must use [the WhatsApp Service] according to our Terms and policies” and that users agree to “access and use [WhatsApp’s] Services only for legal, authorized, and acceptable purposes.”

24. The WhatsApp Terms prohibit users, whether directly, indirectly, through automated or other means, from, among other things:

a. “[E]xploiting [WhatsApp’s] Services in impermissible or unauthorized manners, or in ways that burden, impair, or harm [WhatsApp], [its] Services, systems, [its] users, or others”;

b. “[R]everse engineer[ing], alter[ing], modify[ing], creative derivative works from, decompile[ing], or extract[ing] code from [WhatsApp] Services”;

c. “[S]end[ing], stor[ing], or transmit[ting] viruses or other harmful computer code from or onto [WhatsApp] Services”;

d. “[G]ain[ing] or attempt[ing] to gain unauthorized access to [WhatsApp] Services or systems”;

e. “Interfere[ing] with or disrupt[ing] the safety, security, confidentiality, integrity, availability, or performance of [WhatsApp] Services”;

f. “[C]ollect[ing] information of or about [WhatsApp] users in any impermissible or unauthorized manner”;

g. “[S]ell[ing], resell[ing], rent[ing], or charg[ing] for [WhatsApp] Services or data obtained from [WhatsApp] or [WhatsApp] Services in an unauthorized manner”;

h. “[C]reat[ing] software or APIs that function substantially the same as [WhatsApp] Services and offer them for use by third parties in an unauthorized manner”;

i. Using the WhatsApp Services in ways that “violate, misappropriate, or infringe the rights of WhatsApp, or [its] users, or others, including privacy, publicity, intellectual property, or other proprietary rights”; and

j. Using WhatsApp for “any non-personal use of [WhatsApp’s] Services unless otherwise authorized by [WhatsApp].”

25. The WhatsApp Terms prohibit users not just from personally engaging in the conduct listed above, but also from assisting others in doing so.

C. Background on Meta and Facebook

26. Meta owns and operates Facebook, a social networking website and mobile application that enables its users to create their own personal profiles and connect with each other on mobile devices and personal computers. As of June 2022, Facebook daily active users averaged 1.97 billion and monthly active users averaged 2.93 billion.

27. A Facebook Page is a public profile on Facebook used to promote a business or other commercial, political, or charitable organization or endeavor.

28. Meta’s Audience Network is a product that Meta offers to enable advertisers to display their ads to people who use third-party (non-Meta) apps and websites. By integrating their apps with Audience Network, third-party mobile app developers can generate revenue by displaying ads to Meta users who use their apps. To implement Audience Network, a third-party mobile app developer adds code provided by Meta to their app, which will show and track the Audience Network ads (the “Audience Network SDK”). Meta pays the third-party mobile app developers a percentage of the net revenue generated from the ads delivered on their apps. Generally, the payment amounts depend on the number of clicks attributed to the ads displayed on a particular app through Audience Network.

29. Meta also operates a developer platform referred to as the “Meta Platform.” This platform enables app developers (“Developers”) to run apps that interact with Meta and Meta users.

30. Access to and interaction with Meta’s computer systems is governed by Meta’s Terms of Service (“Meta Terms”) and other policies, including the Platform Terms and Developer Policies.

D. Meta’s Terms of Service and Platform Terms and Policies

31. All Facebook users, including Developers, agree to comply with the Meta Terms when they create a Facebook account. Everyone who uses Facebook must agree to the Meta Terms (available at https://www.facebook.com/terms.php?ref=pf), and other rules that govern different types of access to, and use of, Facebook. These other rules include Meta’s Platform Terms (available at https://developers.facebook.com/terms/dfc_platform_terms) and Developer Policies (available at https://developers.facebook.com/devpolicy/).

32. Section 3.2.1 of the Meta Terms prohibits using Facebook to do anything that “violates these Terms . . . and other terms and policies,” “is unlawful, misleading, discriminatory or fraudulent,” or “infringes or violates someone else’s rights.”

33. The relevant Meta Platform Terms include:

a. “[Meta] or Third-Party Auditors may conduct an Audit . . . to ensure that your and your App’s Processing of Platform Data is and has been in compliance with these Terms and all other applicable terms and policies.” Section 7.c.i.

b. “You will cooperate with the audits, including by (1) providing all necessary physical and remote access to your IT Systems and Records, and (2) providing information and assistance as reasonably requested . . . .” Section 7.c.iii.

c. “From time to time, [Meta] may request . . . information, certifications, and attestations relating to your use of Platform or Processing of Platform Data, which you will provide to [Meta] in the requested timeframe and form.” Section 7.d.

d. “You also must comply with all applicable laws and regulations . . ..” Section 11.b.

E. Defendants Agreed to the WhatsApp Terms

34. At all times relevant to this Complaint, Defendants were bound by the WhatsApp Terms.

35. Between November 2018 and July 2022, Defendants created and caused to be created approximately ten WhatsApp accounts and agreed to the WhatsApp Terms. For example, on or about January 11, 2019, Defendants’ principal, Brad Chang, created a WhatsApp account and agreed to the WhatsApp Terms on their behalf. Likewise, on or about May 23, 2022, Defendants Rockey Tech and Luokai Technology’s Co-Founder, Yao Yao, created a WhatsApp account and agreed to the WhatsApp Terms on their behalf.

F. Defendants Agreed to the Meta Terms and Platform Terms

36. At all relevant times, Defendants were Facebook users that agreed to and were bound by the Meta Terms. In total, Defendants owned and controlled more than five business accounts, five Facebook Pages, and thirty-five Facebook applications.

37. Defendant Rockey Tech: On or about March 24, 2020, Yao Yao created a Facebook Page named “Rockey Tech.” Through creation and use of this Page, Yao Yao agreed to the Meta Terms on Defendant Rockey Tech’s behalf. On or about October 23, 2019, January 13, 2020, and August 13, 2021, Brad Chang created three Facebook applications (“Status Saver - Audience Network,” “Sticker - Audience Network,” and “Status Keeper - Audience Network,” respectively) that integrated with Meta’s Audience Network on Defendant Rockey Tech’s behalf. Through creation and use of these Audience Network integrations, Brad Chang agreed to the Meta Terms and Platform Terms on Defendant Rockey Tech’s behalf.

38. Defendant Luokai Technology: On or about June 1, 2020, Yao Yao created a business account in the name of “Beijing Luokai Technology Co., Ltd.” Through creation and use of this and other accounts, Yao Yao agreed to the Meta Terms on Defendant Luokai Technology’s behalf. On or about August 13, 2021, an agent of Defendant Luokai Technology created a business account and Facebook Page both named “Beijing Luokai Technology Co., Ltd.” and a Facebook application named “Highlight” and agreed to the Meta Terms and Platform Terms on Defendant Luokai Technology’s behalf.

39. Defendant ChitChat Technology: On or about September 28, 2022, Brad Chang created two business accounts in the names of “ChitChat” and “ChitChat Tech,” respectively, and a Facebook Page named “ChitChat Technology” on Defendant ChitChat Technology’s behalf. Through creation and use of these accounts and Page, Brad Chang agreed to the Meta Terms on Defendant ChitChat Technology’s behalf. On or about October 7, 2020 and November 25, 2020, an agent of Defendant ChitChat Technology created two Facebook applications (“Status saver new - Audience Network” and “Status saver,” respectively) that integrated with Meta’s Audience Network on its behalf. Through creation and use of these Audience Network integrations, this Facebook user agreed to the Meta Terms and Platform Terms on Defendant ChitChat Technology’s behalf.

G. Defendants’ Account Takeover Attack

1. Overview

40. Beginning no later than May 2022 and continuing until at least July 2022, Defendants facilitated an account takeover attack targeting WhatsApp and its users. Defendants’ scheme proceeded as follows:

41. First, Defendants developed and distributed on various websites, including heymods.com and the Google Play Store, at least two Malicious Applications and multiple versions thereof, which contained malware and were designed to trick victims into self-compromising their WhatsApp accounts. Exhibits A-C. Defendants also promoted their Malicious Applications on Facebook.

42. Second, through the Malicious Applications, Defendants facilitated the misappropriation of users’ WhatsApp account keys, which include authentication information from the victim’s device, and used them to access the victim’s WhatsApp account without authorization.

43. Third, once Defendants gained unauthorized access to a victim’s WhatsApp account, they caused the account to be used without authorization and for improper purposes, including to send commercial spam.

2. Defendants’ Development and Distribution of the Malicious Applications

44. Between approximately June 2021 and July 2022, Defendants developed and distributed multiple unofficial versions of WhatsApp and at least two of these contained malware. See, e.g., Exhibits A-C. For example, Figure 3 is a screenshot of one of the unofficial versions of WhatsApp, which Defendants made available at malavida.com and called “HeyWhatsApp Android 20.50.0” on June 14, 2022. On the Google Play Store, Defendants listed the developer of these Malicious Applications as “HeyMods Yo Gb Plus WaMods,” with the e-mail address gb.wamods@gmail.com. Exhibits B-C.

Figure 3: Defendants’ “HeyWhatsApp Android 20.50.0” available on malavida.com on June 14, 2022

45. Between at least June 7, 2021 and July 2022, one of the Malicious Applications made available by Defendants on the Google Play Store was called “AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods.” Exhibit B. According to Defendants, this application was designed to automatically update any of Defendants’ unofficial WhatsApp applications installed on the victims’ device. Id. According to the Google Play Store, this application was installed by more than one million users. Id.

46. Between at least March 3, 2022 and July 2022, another Malicious Application Defendants made available on the Google Play Store was called “Theme Store for Zap.” Exhibit C. According to Defendants, this application was designed to modify other versions of unofficial WhatsApp applications, including modifying the applications’ colors. Id. According to the Google Play Store, this application was installed by more than 100,000 users. Id.

47. Defendants tricked victims into installing the Malicious Applications by misrepresenting them on the Google Play Store as legitimate alternatives to WhatsApp. For example, Defendants promoted the Malicious Application “AppUpdater for WhatsPlus 2021 GB Yo FM HeyMods” as a tool to “receive the latest update and latest new feature notification of [multiple unofficial WhatsApp applications] from HeyMods.” Exhibit B. Defendants promoted the Malicious Application “Theme Store for Zap” as a tool to change the look-and-feel or “theme” of multiple unofficial WhatsApp applications developed by Defendants. Exhibit C. In fact, the Malicious Applications contained malware designed to facilitate an account takeover attack and were not affiliated with WhatsApp or Meta. Defendants did not disclose on the Google Play Store or in its Privacy Policies that this application contained malware designed to collect the users’ WhatsApp authentication information. See Exhibits L-M.

48. Defendants also promoted their website heymods.com on Facebook. For example, on or about July 14, 2020, Defendant Luokai Technology created the Facebook Page, “Animated Sticker Maker for WhatsApp - WAStickerApps,” to promote Defendants’ unofficial WhatsApp applications available on heymods.com.

3. Defendants Gained Unauthorized Access to Victims’ WhatsApp Accounts

49. After victims installed the Malicious Applications, they were prompted to enter their WhatsApp user credentials and authenticate their WhatsApp access on the Malicious Applications. The Defendants programmed the Malicious Applications to communicate the user’s credentials to WhatsApp’s computers and obtain the users’ account keys and authentication information (collectively, “access information”). Defendants also programmed the Malicious Applications to send the victim’s access information to computers controlled by Defendants using some of the following domains: hzdy.birxpk.com, cx48t3.khvi3w.com, uz1dtd.khvi3w.com, pdhegk.nxsoaa.com, and 96oh21.nxsoaa.com.

50. Defendants’ privacy policies for the Malicious Applications misrepresented that Defendants collected only “Technical Data and Device information such as network connection type (e.g., WiFi, 3G, 4G), browser type, language, operating system, [] your provider, network and device performance, the unique device identifier assigned to that device by phone makers, carriers, or maker s [sic] of the operating system, application status, [] usage statistic[s], your usage.” Exhibits L-M. Defendants further represented that “[t]he only purpose” of collecting such information “is to improve [their] service, to make the application run faster and use less storage and data.” Id. (emphasis added). In fact, Defendants collected access information for improper purposes, including spam.

51. For example, on or about May 16, 2022, a WhatsApp user located in the United Kingdom installed one of the Malicious Applications. The user’s WhatsApp account was then accessed using the access information collected through the Malicious Applications without WhatsApp’s or the user’s authorization.

4. The Compromised WhatsApp Accounts Were Used to Send Commercial Spam Messages

52. Defendants used or caused their unauthorized access to be used to send thousands of spam messages on WhatsApp.

53. Between approximately May 2022 and continuing to at least July 2022, Defendants used or caused the victims’ WhatsApp Accounts to be used to send unauthorized spam messages. The unauthorized access and spam messages promoted third-party websites, including www.222atm.com, www.28.city, https://panda95.live/RF1817A311, https://panda95.live/RF, https://cutt.ly/oGlcJ0G, https://cutt.ly/FGlc8nZ. The spam messages were directed at WhatsApp users around the world, including users in Hong Kong, Indonesia, Malaysia, and Singapore.

H. Meta’s Enforcement and Request for an Audit Pursuant to the Platform Terms

54. In July and August 2022, WhatsApp disabled Defendants’ WhatsApp accounts and Meta disabled Defendants’ Facebook user accounts, business accounts, ad accounts, applications, and Pages, and Instagram user accounts.

55. On or about July 7, 2022, Plaintiffs also sent each Defendant a cease and desist letter. Exhibit N. Meta further requested an audit of Defendants’ systems pursuant to Facebook Platform Policy 7.c. Id. WhatsApp also notified Google that Malicious Applications in the Google Play Store contained malware designed to facilitate account takeovers.

56. Between July 21 and August 12, 2022, Plaintiffs’ counsel sent additional correspondence to Defendants requesting a response to the July 7 cease and desist letter and audit demand. To date, Defendants have not responded. However, on July 18, 2022, Defendants announced on Telegram that “[d]ue to some circumstances, the heymods team will stop updating apps in the heymods family.” Exhibit O.

I. Defendants’ Unlawful Acts Have Caused Damage and a Loss to Plaintiffs

57. Defendants’ breaches of Plaintiffs’ Terms and other misconduct described above have harmed Plaintiffs, including by negatively impacting Plaintiffs’ services.

58. Defendants’ misconduct has caused Plaintiffs to spend resources investigating and redressing Defendants’ wrongful conduct. Plaintiffs have suffered damages attributable to the efforts and resources they have used to investigate, address, and mitigate the matters set forth in this Complaint.

FIRST CAUSE OF ACTION
(Breach of Contract)
by Plaintiff WhatsApp LLC against Defendants

59. WhatsApp incorporates all other paragraphs as if fully set forth herein.

60. Defendants agreed to and became bound by the WhatsApp Terms when they, through their principals and agents, created various WhatsApp accounts.

61. Defendants breached their agreement with WhatsApp by taking the actions described above in violation of the WhatsApp Terms.

62. WhatsApp has performed all conditions, covenants, and promises required of it in accordance with its agreement with Defendants.