Researchers have uncovered a new Android malware that disguises itself as a WhatsApp message to spread across victims’ contact lists. According to Lukas Stefanko, a researcher from security firm ESET, cybercriminals are targeting unsuspecting WhatsApp users for their malicious adware campaign.
“This malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to a malicious Huawei Mobile app. Message is sent only once per hour to the same contact. It looks to be adware or subscription scam,” Stefanko said.
Imposter Huawei Mobile App
The malicious link is directed to a fake Huawei Mobile app that redirects users to a fake Google Play Store website. Once installed, the fake app prompts victims to grant it notification access to carry out account takeover activities. The malware abuses WhatApp’s quick reply feature to send quick responses automatically, along with the hidden malware.
Android WhatsApp Worm?
Malware spreads via victim’s WhatsApp by automatically replying to any received WhatsApp message notification with a link to malicious Huawei Mobile app.
Message is sent only once per hour to the same contact.
It looks to be adware or subscription scam. https://t.co/NYbh2A9Y6M pic.twitter.com/2tFgLyG94O
— Lukas Stefanko (@LukasStefanko) January 21, 2021
In addition to accessing notifications, the fake app requests intrusive permissions to run in the background. Using the fake app, hackers can exploit other applications in the device to steal account credentials and other sensitive information.
The researcher explains…
“I don’t remember reading and analyzing any Android malware having such functionality to spread itself via WhatsApp messages. I would say it could be via SMS, mail, social media, channels/chat groups etc.,” Stefanko added.