Wormable Android malware spreads via WhatsApp messages

“Download This application and Win Mobile Phone”, reads the message attempting to trick users into downloading a fake Huawei app

Android users should watch out for new wormable malware that spreads through WhatsApp messages and lures prospective victims into downloading an app from a website made to look like the Google Play store.

“This malware spreads via the victim’s WhatsApp, automatically replying to any WhatsApp message notification with a link to a fake and malicious Huawei Mobile app,” said Stefanko. The malware, which was first reported by @ReB1ensk on Twitter, appears to be mainly intended to generate fraudulent advertising revenue for its operators.

In order to install the malicious app, users are prompted to allow the installation of apps from places other than the official Google Play store, thus switching off a security precaution that is enabled by default on Android devices.

How it works

Once the installation is completed, the app goes on to request a lot of permissions, including Notification Access, which in combination with Android’s Direct Reply function is used to achieve wormability.

“Combining these two features, the malware can effectively respond with a custom message to any received WhatsApp notification message,” said Stefanko. The malware then runs in the background, fetching a response from the server while it waits for a WhatsApp message notification, which it then uses to distribute the malicious link to the victim’s contacts.

The malicious app also requests other permissions, including permission to draw over other apps, which allows it to overlay any other application running on the device, and permission to ignore battery optimization, which enables it to run in the background and prevents the system from killing it off even if it starts draining the device’s power and resources.

Currently, the app seems to be used mainly in an adware or subscription scam campaign, although it could be used for more damaging attacks. “This malware could possibly distribute more dangerous threats since the message text and link to the malicious app are received from the attacker’s server. It could simply distribute banking trojans, ransomware, or spyware,” said Stefanko.
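The traits described above (Notification Access, drawing over other apps, ignoring battery optimization, installation from outside Google Play) can be checked together when auditing a device. The following triage script is an added example, not code from the article or from the researchers; it assumes its inputs were collected with adb (`settings get secure enabled_notification_listeners`, `pm list packages -i`, and the requested permissions of each package), and the sample data and package names are constructed.

```python
import re

# Permission names for the two extra capabilities the article describes.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
BATTERY = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; assumption, extend as needed

def parse_listeners(setting):
    """Packages with Notification Access, from the colon-separated component
    list in the `enabled_notification_listeners` secure setting."""
    return {c.split("/")[0] for c in setting.strip().split(":") if "/" in c}

def parse_installers(listing):
    """Map package -> installer from `pm list packages -i` style lines."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", listing, re.M))

def triage(listener_setting, installer_listing, requested_perms):
    """Return [(package, reasons)] for notification listeners that show at least
    one more trait from the article, most traits first. Hits are leads, not
    verdicts: preinstalled apps can also report installer=null."""
    installers = parse_installers(installer_listing)
    findings = []
    for pkg in sorted(parse_listeners(listener_setting)):
        perms = requested_perms.get(pkg, set())
        reasons = []
        if installers.get(pkg, "null") not in TRUSTED_INSTALLERS:
            reasons.append("installed outside Google Play")
        if OVERLAY in perms:
            reasons.append("can draw over other apps")
        if BATTERY in perms:
            reasons.append("asks to ignore battery optimization")
        if reasons:
            findings.append((pkg, reasons))
    return sorted(findings, key=lambda f: -len(f[1]))

# Constructed sample inventory (hypothetical package names, not from the article).
SAMPLE_LISTENERS = ("com.example.wearsync/.NotifService:"
                    "com.example.fakeapp/com.example.fakeapp.Listener")
SAMPLE_INSTALLERS = """package:com.example.wearsync  installer=com.android.vending
package:com.example.fakeapp  installer=null
package:com.example.game  installer=null"""
SAMPLE_PERMS = {"com.example.wearsync": {BATTERY},
                "com.example.fakeapp": {OVERLAY, BATTERY},
                "com.example.game": {OVERLAY}}

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_LISTENERS, SAMPLE_INSTALLERS, SAMPLE_PERMS):
        print(f"{pkg}: {', '.join(reasons)}")
```

An app that matches all three extra traits while also holding Notification Access deserves a closer look; a single trait on its own is common among legitimate apps.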


How to protect yourself

The best action would be to avoid clicking on any suspicious or unknown links, only download apps from the official Google Play store, and use a good antivirus.

