- New Android malware is being spread through WhatsApp
- The malware is encrypted in the message that reads “Download This application and Win Mobile Phone”
- After the app is installed, the wormable malware infects your contact list
If you receive a WhatsApp message that reads, “Download This application and Win Mobile Phone” do not fall for it. It’s said to be a wormable malware that can infect your contact list and steal your personal details. Android users are at high risk of this WhatsApp message malware, as per ESET malware researcher Lukas Stefanko. He looked into this nasty Android WhatsApp malware and discovered that the message attempts to trick users into downloading a fake Huawei app, which then asks a number of permissions, including Notification Access to instantly reply to WhatsApp messages with a link to the scam site.
Android WhatsApp Worm?— Lukas Stefanko (@LukasStefanko) January 21, 2021
Malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to malicious Huawei Mobile app.
Message is sent only once per hour to the same contact.
It looks to be adware or subscription scam. https://t.co/NYbh2A9Y6M pic.twitter.com/2tFgLyG94O
The malware was first reported by Twitter user @ReBensk who claims that its main purpose is to generate fraudulent advertising revenue for its operators. Stefanko further added that the malware spreads via the victim’s WhatsApp, automatically replying to any WhatsApp message notification with a link to a fake and malicious Huawei Mobile app.
While the Huawei app looks authentic, it isn’t available on the Google Play Store. The malware prompts users to download and install the app from the web, thus avoiding the security precaution on Android devices. After the installation is complete, the Huawei Mobile app requests users to enable a variety of functions and permissions, including notifications, ability to draw over other apps, and ignore battery optimisation.
“The worm spreads via messages to WhatsApp contacts only when the last received message by the victim was sent more than an hour ago,” said Stefanko. He believes that this is done so as to raise suspicion among the victim’s contacts since receiving a link as a response to every message might cause alarm. While the WhatsApp malware is currently being used as an adware or subscription scam campaign, it’s said to have the ability to distribute banking trojans, ransomware, or spyware.
The worm spreads via messages to WhatsApp contacts only when the last received message by the victim was sent more than an hour ago.
“This is a malicious app that tricks people into downloading it and sending phishing messages through permissions granted by the Android operating system. We are reporting this to the domain provider that the phishing service is using to take action and to protect against this abuse,” a WhatsApp spokesperson was quoted as saying MailOnline.
You should avoid clicking on such malicious links and only download Google Play Protect apps from the Play Store to make sure the app is safe to use.